GoogleCloudPlatform · trodge · Sep 14, 2023 · Sep 6, 2023 · Sep 13, 2023 · trodge
diff --git a/mmv1/products/secretmanager/SecretVersion.yaml b/mmv1/products/secretmanager/SecretVersion.yaml
@@ -45,6 +45,16 @@ examples:
       data: 'secret-data'
     ignore_read_extra:
       - 'deletion_policy'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'secret_version_with_base64_string_secret_data'
+    primary_resource_id: 'secret-version-base64'
+    vars:
+      secret_id: 'secret-version'
+      data: 'secret-data.pfx'
+    test_vars_overrides:
+      data: '"./test-fixtures/binary-file.pfx"'
+    ignore_read_extra:
+      - 'is_secret_data_base64'
 import_format:
   ['projects/{{%project}}/secrets/{{%secret_id}}/versions/{{%version}}']
 custom_code: !ruby/object:Provider::Terraform::CustomCode
@@ -54,6 +64,11 @@ custom_code: !ruby/object:Provider::Terraform::CustomCode
   resource_definition: templates/terraform/resource_definition/secret_version.go.erb
   decoder: templates/terraform/decoders/treat_destroyed_state_as_gone.erb
   pre_delete: templates/terraform/pre_delete/secret_version_deletion_policy.go.erb
+  pre_read: templates/terraform/pre_read/secret_version_is_secret_data_base64.go.erb
+  extra_schema_entry: templates/terraform/extra_schema_entry/secret_version_is_secret_data_base64.go.erb
+docs: !ruby/object:Provider::Terraform::Docs
+  optional_properties: |
+    * `is_secret_data_base64` - (Optional) If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.
 virtual_fields:
   - !ruby/object:Api::Type::Enum
     name: 'deletion_policy'
@@ -123,4 +138,4 @@ properties:
         required: true
         description: The secret data. Must be no larger than 64KiB.
         sensitive: true
-        custom_expand: templates/terraform/custom_expand/base64.go.erb
+        custom_expand: templates/terraform/custom_expand/secret_version_secret_data.go.erb
diff --git a/mmv1/templates/terraform/custom_expand/secret_version_secret_data.go.erb b/mmv1/templates/terraform/custom_expand/secret_version_secret_data.go.erb
@@ -0,0 +1,24 @@
+<%- # the license inside this block applies to this file
+	# Copyright 2023 Google Inc.
+	# Licensed under the Apache License, Version 2.0 (the "License");
+	# you may not use this file except in compliance with the License.
+	# You may obtain a copy of the License at
+	#
+	#     http://www.apache.org/licenses/LICENSE-2.0
+	#
+	# Unless required by applicable law or agreed to in writing, software
+	# distributed under the License is distributed on an "AS IS" BASIS,
+	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	# See the License for the specific language governing permissions and
+	# limitations under the License.
+-%>
+func expand<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	if v == nil {
+		return nil, nil
+	}
+
+	if d.Get("is_secret_data_base64").(bool) {
+		return v, nil
+	}
+	return base64.StdEncoding.EncodeToString([]byte(v.(string))), nil
+}
diff --git a/mmv1/templates/terraform/custom_flatten/secret_version_access.go.erb b/mmv1/templates/terraform/custom_flatten/secret_version_access.go.erb
@@ -45,10 +45,14 @@ func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d
 		return err
 	}
 
-	data, err := base64.StdEncoding.DecodeString(accessRes["payload"].(map[string]interface{})["data"].(string))
-	if err != nil {
-		return err
+	if d.Get("is_secret_data_base64").(bool) {
+		transformed["secret_data"] = accessRes["payload"].(map[string]interface{})["data"].(string)
+	} else {
+		data, err := base64.StdEncoding.DecodeString(accessRes["payload"].(map[string]interface{})["data"].(string))
+		if err != nil {
+			return err
+		}
+		transformed["secret_data"] = string(data)
 	}
-	transformed["secret_data"] = string(data)
 	return []interface{}{transformed}
 }
diff --git a/mmv1/templates/terraform/examples/secret_version_with_base64_string_secret_data.tf.erb b/mmv1/templates/terraform/examples/secret_version_with_base64_string_secret_data.tf.erb
@@ -0,0 +1,18 @@
+resource "google_secret_manager_secret" "secret-basic" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+
+  replication {
+    user_managed {
+      replicas {
+        location = "us-central1"
+      }
+    }
+  }
+}
+
+resource "google_secret_manager_secret_version" "<%= ctx[:primary_resource_id] %>" {
+  secret = google_secret_manager_secret.secret-basic.id
+
+  is_secret_data_base64 = true
+  secret_data = filebase64("<%= ctx[:vars]['data'] %>")
+}
diff --git a/mmv1/templates/terraform/extra_schema_entry/secret_version_is_secret_data_base64.go.erb b/mmv1/templates/terraform/extra_schema_entry/secret_version_is_secret_data_base64.go.erb
@@ -0,0 +1,21 @@
+<%# The license inside this block applies to this file.
+	# Copyright 2023 Google Inc.
+	# Licensed under the Apache License, Version 2.0 (the "License");
+	# you may not use this file except in compliance with the License.
+	# You may obtain a copy of the License at
+	#
+	#     http://www.apache.org/licenses/LICENSE-2.0
+	#
+	# Unless required by applicable law or agreed to in writing, software
+	# distributed under the License is distributed on an "AS IS" BASIS,
+	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	# See the License for the specific language governing permissions and
+	# limitations under the License.
+-%>
+"is_secret_data_base64": {
+	Type:        schema.TypeBool,
+	Optional:    true,
+	ForceNew:    true,
+	Default:     false,
+	Description: `If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.`,
+},
diff --git a/mmv1/templates/terraform/pre_read/secret_version_is_secret_data_base64.go.erb b/mmv1/templates/terraform/pre_read/secret_version_is_secret_data_base64.go.erb
@@ -0,0 +1,20 @@
+<%# The license inside this block applies to this file.
+	# Copyright 2023 Google Inc.
+	# Licensed under the Apache License, Version 2.0 (the "License");
+	# you may not use this file except in compliance with the License.
+	# You may obtain a copy of the License at
+	#
+	#     http://www.apache.org/licenses/LICENSE-2.0
+	#
+	# Unless required by applicable law or agreed to in writing, software
+	# distributed under the License is distributed on an "AS IS" BASIS,
+	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	# See the License for the specific language governing permissions and
+	# limitations under the License.
+-%>
+// Explicitly set the field to default value if unset
+if _, ok := d.GetOkExists("is_secret_data_base64"); !ok {
+	if err := d.Set("is_secret_data_base64", false); err != nil {
+		return fmt.Errorf("Error setting is_secret_data_base64: %s", err)
+	}
+}
diff --git a/mmv1/third_party/terraform/services/secretmanager/test-fixtures/binary-file.pfx b/mmv1/third_party/terraform/services/secretmanager/test-fixtures/binary-file.pfx