secrethub · florisvdg · Feb 25, 2019 · Feb 15, 2019 · Feb 15, 2019 · Feb 18, 2019
diff --git a/go.mod b/go.mod
@@ -3,8 +3,6 @@ module github.com/keylockerbv/terraform-provider-secrethub
 require (
 	github.com/apparentlymart/go-cidr v1.0.0 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
-	github.com/certifi/gocertifi v0.0.0-20190105021004-abcd57078448 // indirect
-	github.com/go-chi/chi v4.0.1+incompatible // indirect
 	github.com/hashicorp/go-getter v1.0.1 // indirect
 	github.com/hashicorp/go-hclog v0.0.0-20190109152822-4783caec6f2e // indirect
 	github.com/hashicorp/go-plugin v0.0.0-20190129155509-362c99b11937 // indirect
@@ -15,13 +13,11 @@ require (
 	github.com/hashicorp/hil v0.0.0-20190129155652-59d7c1fee952 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform v0.11.11
-	github.com/keylockerbv/secrethub-go v0.0.0-20190213150736-839e23269a25
+	github.com/keylockerbv/secrethub-go v0.0.0-20190215145344-c5428f8d99f3
 	github.com/mitchellh/cli v1.0.0 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/hashstructure v1.0.0 // indirect
-	github.com/pkg/errors v0.8.1 // indirect
 	github.com/zclconf/go-cty v0.0.0-20190130221141-d7fe3fa0020f // indirect
-	golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67 // indirect
 	golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -21,8 +21,6 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bsm/go-vlq v0.0.0-20150828105119-ec6e8d4f5f4e/go.mod h1:N+BjUcTjSxc2mtRGSCPsat1kze3CUtvJN3/jTXlp29k=
-github.com/certifi/gocertifi v0.0.0-20180905225744-ee1a9a0726d2 h1:MmeatFT1pTPSVb4nkPmBFN/LRZ97vPjsFKsZrU3KKTs=
-github.com/certifi/gocertifi v0.0.0-20180905225744-ee1a9a0726d2/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
 github.com/certifi/gocertifi v0.0.0-20190105021004-abcd57078448 h1:8tNk6SPXzLDnATTrWoI5Bgw9s/x4uf0kmBpk21NZgI4=
 github.com/certifi/gocertifi v0.0.0-20190105021004-abcd57078448/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
 github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
@@ -36,8 +34,6 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/getsentry/raven-go v0.2.0 h1:no+xWJRb5ZI7eE8TWgIq1jLulQiIoLG0IfYxv5JYMGs=
 github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
-github.com/go-chi/chi v3.3.3+incompatible h1:KHkmBEMNkwKuK4FdQL7N2wOeB9jnIx7jR5wsuSBEFI8=
-github.com/go-chi/chi v3.3.3+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-chi/chi v4.0.1+incompatible h1:RSRC5qmFPtO90t7pTL0DBMNpZFsb/sHF3RXVlDgFisA=
 github.com/go-chi/chi v4.0.1+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-test/deep v1.0.1 h1:UQhStjbkDClarlmv0am7OXXO4/GaPdCGiUiMTvi28sg=
@@ -89,11 +85,12 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8 h1:12VvqtR6Aowv3l/EQUlocDHW2Cp4G9WJVH7uyH8QFJE=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/keylockerbv/secrethub-go v0.0.0-20190213150736-839e23269a25 h1:1fsFRQgt9AU8Muf9LSVEWiHrFpJ1XySXHY2sTVjtClk=
-github.com/keylockerbv/secrethub-go v0.0.0-20190213150736-839e23269a25/go.mod h1:tabojhZpymkSNSayXvZpSujl76grAdEDZeZT8kwR92A=
+github.com/keylockerbv/secrethub-go v0.0.0-20190215145344-c5428f8d99f3 h1:RtvtlNoLBemFQLa2HAKkP0LpsaQETkYW5VbfrJRrFZ0=
+github.com/keylockerbv/secrethub-go v0.0.0-20190215145344-c5428f8d99f3/go.mod h1:U086plZMagUfy92G4DgCsRAns20Q5j+Rf8bYDXiDxMw=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
@@ -129,8 +126,6 @@ github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -153,7 +148,6 @@ github.com/zclconf/go-cty v0.0.0-20190124225737-a385d646c1e9/go.mod h1:xnAOWiHeO
 github.com/zclconf/go-cty v0.0.0-20190130221141-d7fe3fa0020f h1:QdzpIo5V8FV8SHsXCXpgSXOquZEF7YozbNcYnEnGZvA=
 github.com/zclconf/go-cty v0.0.0-20190130221141-d7fe3fa0020f/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
 golang.org/x/crypto v0.0.0-20180816225734-aabede6cba87/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67 h1:ng3VDlRp5/DHpSWl02R4rM9I+8M2rhmsuLwAMmkLQWE=
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

diff --git a/secrethub/data_source_secret.go b/secrethub/data_source_secret.go
@@ -0,0 +1,69 @@
+package secrethub
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceSecret() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceSecretRead,
+		Schema: map[string]*schema.Schema{
+			"path": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The path where the secret is stored.",
+			},
+			"path_prefix": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Overrides the `path_prefix` defined in the provider.",
+			},
+			"version": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Computed:    true,
+				Description: "The version of the secret. Defaults to the latest.",
+			},
+			"data": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Sensitive:   true,
+				Description: "The secret contents.",
+			},
+		},
+	}
+}
+
+func dataSourceSecretRead(d *schema.ResourceData, m interface{}) error {
+	provider := m.(providerMeta)
+	client := *provider.client
+
+	path, err := getSecretPath(d, &provider)
+	if err != nil {
+		return err
+	}
+
+	remote, err := client.Secrets().Get(path)
+	if err != nil {
+		return err
+	}
+
+	version := d.Get("version").(int)
+	if version == 0 {
+		d.Set("version", remote.LatestVersion)
+	}
+
+	if d.Get("data") == "" || d.Get("version") != remote.LatestVersion {
+		// Only fetch the secret contents if it hasn't been fetched before or if the version is out of sync
+		updated, err := client.Secrets().Versions().GetWithData(path)
+		if err != nil {
+			return err
+		}
+		d.Set("data", string(updated.Data))
+		d.Set("version", updated.Version)
+	}
+
+	d.SetId(string(path))
+
+	return nil
+}
diff --git a/secrethub/data_source_secret_test.go b/secrethub/data_source_secret_test.go
@@ -0,0 +1,82 @@
+package secrethub
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceSecret_absPath(t *testing.T) {
+	config := fmt.Sprintf(`
+		provider "secrethub" {
+			credential = "${file("~/.secrethub/credential")}"
+		}
+
+		resource "secrethub_secret" "%v" {
+			path = "%v"
+			data = "secretpassword"
+		}
+
+		data "secrethub_secret" "%v" {
+			path = "${secrethub_secret.%v.path}"
+		}
+	`, testAcc.secretName, testAcc.path, testAcc.secretName, testAcc.secretName)
+
+	resource.Test(t, resource.TestCase{
+		Providers: testAccProviders,
+		PreCheck:  testAccPreCheck(t),
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						fmt.Sprintf("data.secrethub_secret.%v", testAcc.secretName),
+						"path",
+						string(testAcc.path),
+					),
+					resource.TestCheckResourceAttr(
+						fmt.Sprintf("data.secrethub_secret.%v", testAcc.secretName),
+						"data",
+						"secretpassword",
+					),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceSecret_prefPath(t *testing.T) {
+	config := fmt.Sprintf(`
+		provider "secrethub" {
+			credential = "${file("~/.secrethub/credential")}"
+			path_prefix = "%v/%v"
+		}
+
+		resource "secrethub_secret" "%v" {
+			path = "%v"
+			data = "secretpassword"
+		}
+
+		data "secrethub_secret" "%v" {
+			path = "${secrethub_secret.%v.path}"
+		}
+	`, testAcc.namespace, testAcc.repository, testAcc.secretName, testAcc.secretName, testAcc.secretName, testAcc.secretName)
+
+	resource.Test(t, resource.TestCase{
+		Providers: testAccProviders,
+		PreCheck:  testAccPreCheck(t),
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						fmt.Sprintf("data.secrethub_secret.%v", testAcc.secretName),
+						"data",
+						"secretpassword",
+					),
+				),
+			},
+		},
+	})
+}
diff --git a/secrethub/provider.go b/secrethub/provider.go
@@ -30,18 +30,17 @@ func Provider() terraform.ResourceProvider {
 		ResourcesMap: map[string]*schema.Resource{
 			"secrethub_secret": resourceSecret(),
 		},
+		DataSourcesMap: map[string]*schema.Resource{
+			"secrethub_secret": dataSourceSecret(),
+		},
 	}
 }
 
 func configureProvider(d *schema.ResourceData) (interface{}, error) {
 	credRaw := d.Get("credential").(string)
-	parser := secrethub.NewCredentialParser(secrethub.DefaultCredentialDecoders)
-	parsed, err := parser.Parse(credRaw)
-	if err != nil {
-		return nil, err
-	}
+	passphrase := d.Get("credential_passphrase").(string)
 
-	cred, err := parsed.Decode()
+	cred, err := secrethub.NewCredential(credRaw, passphrase)
 	if err != nil {
 		return nil, err
 	}

diff --git a/secrethub/provider_test.go b/secrethub/provider_test.go
@@ -1,11 +1,63 @@
 package secrethub
 
 import (
+	"fmt"
+	"os"
 	"testing"
 
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/keylockerbv/secrethub-go/pkg/api"
 )
 
+const (
+	envNamespace = "SECRETHUB_TF_ACC_NAMESPACE"
+	envRepo      = "SECRETHUB_TF_ACC_REPOSITORY"
+)
+
+var testAccProviders map[string]terraform.ResourceProvider
+var testAccProvider *schema.Provider
+var testAcc *testAccValues
+
+type testAccValues struct {
+	namespace  string
+	repository string
+	secretName string
+	path       api.SecretPath
+	pathErr    error
+}
+
+func (testAccValues) validate() error {
+	if testAcc.namespace == "" || testAcc.repository == "" {
+		return fmt.Errorf("the following environment variables need to be set: %v, %v", envNamespace, envRepo)
+	}
+	return testAcc.pathErr
+}
+
+func init() {
+	testAccProvider = Provider().(*schema.Provider)
+	testAccProviders = map[string]terraform.ResourceProvider{
+		"secrethub": testAccProvider,
+	}
+
+	testAcc = &testAccValues{
+		namespace:  os.Getenv(envNamespace),
+		repository: os.Getenv(envRepo),
+		secretName: "test_acc_secret",
+	}
+
+	testAcc.path, testAcc.pathErr = newCompoundSecretPath(testAcc.namespace, testAcc.repository, testAcc.secretName)
+}
+
+func testAccPreCheck(t *testing.T) func() {
+	return func() {
+		err := testAcc.validate()
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
 func TestProvider(t *testing.T) {
 	if err := Provider().(*schema.Provider).InternalValidate(); err != nil {
 		t.Fatalf("err: %s", err)