Allow specifying secrets in app resource

docs/index.md

@@ -25,7 +25,7 @@ provider "fly" {
 ### Optional
 
 - `fly_api_token` (String) fly.io api token. If not set checks env for FLY_API_TOKEN
-- `fly_http_endpoint` (String) Where the provider should look to find the fly http endpoint
+- `fly_http_endpoint` (String) Where the clients should look to find the fly http endpoint
 - `internaltunnelorg` (String)
 - `internaltunnelregion` (String)
 - `useinternaltunnel` (Boolean)

docs/resources/app.md

@@ -28,11 +28,24 @@ resource "fly_app" "exampleApp" {
 ### Optional
 
 - `org` (String) Optional org slug to operate upon
+- `secrets` (Attributes Map) Secret environment variables. Keys are case sensitive and are used as environment variable names. Does not override existing secrets added outside of Terraform. (see [below for nested schema](#nestedatt--secrets))
 
 ### Read-Only
 
 - `appurl` (String) readonly appUrl
 - `id` (String) readonly app id
 - `orgid` (String) readonly orgid
 
+<a id="nestedatt--secrets"></a>
+### Nested Schema for `secrets`
+
+Required:
+
+- `value` (String, Sensitive)
+
+Read-Only:
+
+- `created_at` (String)
+- `digest` (String)
+
 

go.mod

@@ -5,7 +5,7 @@ go 1.19
 require (
 	github.com/Khan/genqlient v0.5.0
 	github.com/google/uuid v1.2.0
-	github.com/hashicorp/terraform-plugin-framework v0.11.1
+	github.com/hashicorp/terraform-plugin-framework v0.14.0
 	github.com/hashicorp/terraform-plugin-go v0.14.0
 	github.com/hashicorp/terraform-plugin-log v0.7.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.22.0

go.sum

@@ -158,6 +158,14 @@ github.com/hashicorp/terraform-json v0.14.0 h1:sh9iZ1Y8IFJLx+xQiKHGud6/TSUCM0N8e
 github.com/hashicorp/terraform-json v0.14.0/go.mod h1:5A9HIWPkk4e5aeeXIBbkcOvaZbIYnAIkEyqP2pNSckM=
 github.com/hashicorp/terraform-plugin-framework v0.11.1 h1:rq8f+TLDO4tJu+n9mMYlDrcRoIdrg0gTUvV2Jr0Ya24=
 github.com/hashicorp/terraform-plugin-framework v0.11.1/go.mod h1:GENReHOz6GEt8Jk3UN94vk8BdC6irEHFgN3Z9HPhPUU=
+github.com/hashicorp/terraform-plugin-framework v0.12.0 h1:Bk3l5MQUaZoo5eplr+u1FomYqGS564e8Tp3rutnCfYg=
+github.com/hashicorp/terraform-plugin-framework v0.12.0/go.mod h1:wcZdk4+Uef6Ng+BiBJjGAcIPlIs5bhlEV/TA1k6Xkq8=
+github.com/hashicorp/terraform-plugin-framework v0.13.0 h1:tGnqttzZwU3FKc+HasHr2Yi5L81FcQbdc8zQhbBD9jQ=
+github.com/hashicorp/terraform-plugin-framework v0.13.0/go.mod h1:wcZdk4+Uef6Ng+BiBJjGAcIPlIs5bhlEV/TA1k6Xkq8=
+github.com/hashicorp/terraform-plugin-framework v0.14.0 h1:Mwj55u+Jc/QGM6fLBPCe1P+ZF3cuYs6wbCdB15lx/Dg=
+github.com/hashicorp/terraform-plugin-framework v0.14.0/go.mod h1:wcZdk4+Uef6Ng+BiBJjGAcIPlIs5bhlEV/TA1k6Xkq8=
+github.com/hashicorp/terraform-plugin-framework v0.15.0 h1:6f4UY2yfp5UsSX9JhUA6RSptjd+ojStBGWA4jrPhB6Q=
+github.com/hashicorp/terraform-plugin-framework v0.15.0/go.mod h1:wcZdk4+Uef6Ng+BiBJjGAcIPlIs5bhlEV/TA1k6Xkq8=
 github.com/hashicorp/terraform-plugin-go v0.14.0 h1:ttnSlS8bz3ZPYbMb84DpcPhY4F5DsQtcAS7cHo8uvP4=
 github.com/hashicorp/terraform-plugin-go v0.14.0/go.mod h1:2nNCBeRLaenyQEi78xrGrs9hMbulveqG/zDMQSvVJTE=
 github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs=

graphql/genqlient.graphql

@@ -41,17 +41,34 @@ query GetFullApp($name: String) {
     }
 }
 
+fragment AppFragment on App {
+    id
+    name
+    organization {
+        id
+        slug
+    }
+    secrets {
+        name
+        createdAt
+        digest
+    }
+    appUrl
+    platformVersion
+}
+
+query GetApp($name: String) {
+    # @genqlient(flatten: true)
+    app(name: $name) {
+        ...AppFragment
+    }
+}
+
 mutation CreateAppMutation($name: String, $organizationId: ID!) {
     createApp(input: {name: $name, organizationId: $organizationId}) {
+        # @genqlient(flatten: true)
         app {
-            id
-            name
-            status
-            organization {
-                id
-                slug
-            }
-            appUrl
+            ...AppFragment
         }
     }
 }
@@ -225,7 +242,7 @@ mutation CreatePostgresCluster(
 }
 
 mutation AddWireguardPeer(
-   $input: AddWireGuardPeerInput!
+    $input: AddWireGuardPeerInput!
 ) {
     addWireGuardPeer(input: $input) {
         network
@@ -245,8 +262,30 @@ mutation RemoveWireguardPeer(
     }
 }
 
+query GetSecrets($name: String!) {
+    app(name: $name) {
+        secrets {
+            name
+            digest
+            createdAt
+        }
+    }
+}
+
 mutation SetSecrets($input: SetSecretsInput!) {
     setSecrets(input: $input) {
+        app {
+            secrets {
+                name
+                digest
+                createdAt
+            }
+        }
+    }
+}
+
+mutation UnsetSecrets($appId: ID!, $keys: [String!]!) {
+    unsetSecrets(input: {appId: $appId, keys: $keys}) {
         release {
             id
         }
@@ -257,4 +296,4 @@ query Organization($slug: String) {
     organization(slug: $slug) {
         id
     }
-}
+}

graphql/genqlient.yaml

@@ -6,4 +6,6 @@ operations:
 bindings:
   JSON:
     type: interface{}
+  ISO8601DateTime:
+    type: time.Time
 generated: generated.go

internal/provider/app_data_source.go

@@ -2,21 +2,14 @@ package provider
 
 import (
 	"context"
-
 	"github.com/fly-apps/terraform-provider-fly/graphql"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/tfsdk"
 	"github.com/hashicorp/terraform-plugin-framework/types"
-
-	tfsdkprovider "github.com/hashicorp/terraform-plugin-framework/provider"
 )
 
-// Ensure provider defined types fully satisfy framework interfaces
-var _ tfsdkprovider.DataSourceType = appDataSourceType{}
-var _ datasource.DataSource = appDataSource{}
-
-type appDataSourceType struct{}
+var _ datasource.DataSourceWithConfigure = &appDataSource{}
 
 // Matches getSchema
 type appDataSourceOutput struct {
@@ -32,7 +25,11 @@ type appDataSourceOutput struct {
 	//Secrets        types.Map    `tfsdk:"secrets"`
 }
 
-func (a appDataSourceType) GetSchema(ctx context.Context) (tfsdk.Schema, diag.Diagnostics) {
+func (d appDataSource) Metadata(_ context.Context, _ datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = "fly_app"
+}
+
+func (appDataSource) GetSchema(context.Context) (tfsdk.Schema, diag.Diagnostics) {
 	return tfsdk.Schema{
 		MarkdownDescription: "Retrieve info about graphql app",
 
@@ -78,12 +75,8 @@ func (a appDataSourceType) GetSchema(ctx context.Context) (tfsdk.Schema, diag.Di
 	}, nil
 }
 
-func (a appDataSourceType) NewDataSource(ctx context.Context, in tfsdkprovider.Provider) (datasource.DataSource, diag.Diagnostics) {
-	provider, diags := convertProviderType(in)
-
-	return appDataSource{
-		provider: provider,
-	}, diags
+func newAppDataSource() datasource.DataSource {
+	return &appDataSource{}
 }
 
 func (d appDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
@@ -98,7 +91,7 @@ func (d appDataSource) Read(ctx context.Context, req datasource.ReadRequest, res
 
 	appName := data.Name.Value
 
-	queryresp, err := graphql.GetFullApp(context.Background(), *d.provider.client, appName)
+	queryresp, err := graphql.GetFullApp(context.Background(), d.gqlClient, appName)
 	if err != nil {
 		resp.Diagnostics.AddError("Query failed", err.Error())
 	}