Merge pull request #41106 from hashicorp/f-ephemeral_random_password

[new ephemeral resource] aws_secretsmanager_random_password

.changelog/41106.txt

@@ -0,0 +1,3 @@
+```release-note:new-ephemeral
+aws_secretsmanager_random_password
+```

internal/service/secretsmanager/random_password_ephemeral.go

@@ -0,0 +1,110 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package secretsmanager
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+	"github.com/hashicorp/terraform-plugin-framework/ephemeral"
+	"github.com/hashicorp/terraform-plugin-framework/ephemeral/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-provider-aws/internal/create"
+	"github.com/hashicorp/terraform-provider-aws/internal/framework"
+	fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @EphemeralResource("aws_secretsmanager_random_password", name="Random Password")
+func newEphemeralRandomPassword(context.Context) (ephemeral.EphemeralResourceWithConfigure, error) {
+	return &ephemeralRandomPassword{}, nil
+}
+
+const (
+	ERNameRandomPassword = "Random Password Ephemeral Resource"
+)
+
+type ephemeralRandomPassword struct {
+	framework.EphemeralResourceWithConfigure
+}
+
+func (e *ephemeralRandomPassword) Metadata(_ context.Context, req ephemeral.MetadataRequest, resp *ephemeral.MetadataResponse) {
+	resp.TypeName = "aws_secretsmanager_random_password"
+}
+
+func (e *ephemeralRandomPassword) Schema(ctx context.Context, req ephemeral.SchemaRequest, resp *ephemeral.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: map[string]schema.Attribute{
+			"exclude_characters": schema.BoolAttribute{
+				Optional: true,
+			},
+			"exclude_lowercase": schema.BoolAttribute{
+				Optional: true,
+			},
+			"exclude_numbers": schema.BoolAttribute{
+				Optional: true,
+			},
+			"exclude_punctuation": schema.BoolAttribute{
+				Optional: true,
+			},
+			"exclude_uppercase": schema.BoolAttribute{
+				Optional: true,
+			},
+			"include_space": schema.BoolAttribute{
+				Optional: true,
+			},
+			"password_length": schema.Int64Attribute{
+				Optional: true,
+			},
+			"require_each_included_type": schema.BoolAttribute{
+				Optional: true,
+			},
+			"random_password": schema.StringAttribute{
+				Computed:  true,
+				Sensitive: true,
+			},
+		},
+	}
+}
+
+func (e *ephemeralRandomPassword) Open(ctx context.Context, req ephemeral.OpenRequest, resp *ephemeral.OpenResponse) {
+	conn := e.Meta().SecretsManagerClient(ctx)
+
+	var data ephemeralRandomPasswordModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	input := secretsmanager.GetRandomPasswordInput{}
+	resp.Diagnostics.Append(fwflex.Expand(ctx, data, &input)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	output, err := conn.GetRandomPassword(ctx, &input)
+	if err != nil {
+		resp.Diagnostics.AddError(
+			create.ProblemStandardMessage(names.SecretsManager, create.ErrActionOpening, ERNameRandomPassword, "", err),
+			err.Error(),
+		)
+		return
+	}
+
+	data.RandomPassword = fwflex.StringToFramework(ctx, output.RandomPassword)
+
+	resp.Diagnostics.Append(resp.Result.Set(ctx, &data)...)
+}
+
+type ephemeralRandomPasswordModel struct {
+	ExcludeCharacters       types.Bool   `tfsdk:"exclude_characters"`
+	ExcludeLowercase        types.Bool   `tfsdk:"exclude_lowercase"`
+	ExcludeNumbers          types.Bool   `tfsdk:"exclude_numbers"`
+	ExcludePunctuation      types.Bool   `tfsdk:"exclude_punctuation"`
+	ExcludeUppercase        types.Bool   `tfsdk:"exclude_uppercase"`
+	IncludeSpace            types.Bool   `tfsdk:"include_space"`
+	PasswordLength          types.Int64  `tfsdk:"password_length"`
+	RandomPassword          types.String `tfsdk:"random_password"`
+	RequireEachIncludedType types.Bool   `tfsdk:"require_each_included_type"`
+}

internal/service/secretsmanager/random_password_ephemeral_test.go

@@ -0,0 +1,56 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package secretsmanager_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/statecheck"
+	"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccSecretsManagerRandomPasswordEphemeral_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	if testing.Short() {
+		t.Skip("skipping long-running test in short mode")
+	}
+
+	echoResourceName := "echo.test"
+	dataPath := tfjsonpath.New("data")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck: acctest.ErrorCheck(t, names.SecretsManagerServiceID),
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.SkipBelow(tfversion.Version1_10_0),
+		},
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories(ctx, acctest.ProviderNameEcho),
+		CheckDestroy:             acctest.CheckDestroyNoop,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRandomPasswordEphemeralResourceConfig_basic(),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(echoResourceName, dataPath.AtMapKey("random_password"), knownvalue.NotNull()),
+				},
+			},
+		},
+	})
+}
+
+func testAccRandomPasswordEphemeralResourceConfig_basic() string {
+	return acctest.ConfigCompose(
+		acctest.ConfigWithEchoProvider("ephemeral.aws_secretsmanager_random_password.test"),
+		`
+ephemeral "aws_secretsmanager_random_password" "test" {}
+`)
+}

website/docs/ephemeral-resources/secretsmanager_random_password.html.markdown

@@ -0,0 +1,38 @@
+---
+subcategory: "Secrets Manager"
+layout: "aws"
+page_title: "AWS: aws_secretsmanager_random_password"
+description: |-
+  Terraform ephemeral resource for managing an AWS Secrets Manager Random Password.
+---
+
+# Ephemeral: aws_secretsmanager_random_password
+
+Terraform ephemeral resource for managing an AWS Secrets Manager Random Password.
+
+## Example Usage
+
+### Basic Usage
+
+```terraform
+ephemeral "aws_secretsmanager_random_password" "example" {}
+```
+
+## Argument Reference
+
+The following arguments are optional:
+
+* `exclude_characters` - (Optional) String of the characters that you don't want in the password.
+* `exclude_lowercase` - (Optional) Specifies whether to exclude lowercase letters from the password.
+* `exclude_numbers` - (Optional) Specifies whether to exclude numbers from the password.
+* `exclude_punctuation` - (Optional) Specifies whether to exclude the following punctuation characters from the password: ``! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ .``
+* `exclude_uppercase` - (Optional) Specifies whether to exclude uppercase letters from the password.
+* `include_space` - (Optional) Specifies whether to include the space character.
+* `password_length` - (Optional) Length of the password.
+* `require_each_included_type` - (Optional) Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.
+
+## Attribute Reference
+
+This resource exports the following attributes in addition to the arguments above:
+
+* `random_password` - Random password.