Bugs fixes for Secrets Manager (#5008)

* SC addition * SC addition * SC addition * update function updated * SC unit tests added * SC unit tests added * d * tests fixes * tests fixes * update sdk * .secrets.baseline update * .secrets.baseline update * .secrets.baseline update * Update sm_service_credentials_secret_metadata.html.markdown * bugs fixes * bugs fixes * bugs fixes --------- Co-authored-by: Yonathan-Yellin <[email protected]> Co-authored-by: Avi Ribchinsky <[email protected]> Co-authored-by: Tatyana <[email protected]> Co-authored-by: Idan Adar <[email protected]>
IBM-Cloud · Dec 29, 2023 · ab4912c · ab4912c
1 parent f2f674e
commit ab4912c
Show file tree

Hide file tree

Showing 19 changed files with 42 additions and 92 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "go.mod|go.sum|.*.map|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-20T09:37:58Z",
+  "generated_at": "2023-12-26T12:35:45Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -3224,15 +3224,15 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 185,
+        "line_number": 180,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 312,
+        "line_number": 307,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3250,7 +3250,7 @@
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 291,
+        "line_number": 286,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3298,15 +3298,15 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 235,
+        "line_number": 230,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 414,
+        "line_number": 409,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3510,15 +3510,15 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 162,
+        "line_number": 157,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 278,
+        "line_number": 273,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3556,23 +3556,23 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 204,
+        "line_number": 198,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "108b310facc1a193833fc2971fd83081f775ea0c",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 395,
+        "line_number": 389,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 398,
+        "line_number": 392,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3636,15 +3636,15 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 298,
+        "line_number": 297,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 539,
+        "line_number": 538,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3831,6 +3831,24 @@
         "verified_result": null
       }
     ],
+    "ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go": [
+      {
+        "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 190,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 443,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go": [
       {
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
@@ -4736,15 +4754,15 @@
         "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 128,
+        "line_number": 127,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 130,
+        "line_number": 129,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -4790,15 +4808,15 @@
         "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 148,
+        "line_number": 147,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 150,
+        "line_number": 149,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -4844,15 +4862,15 @@
         "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 137,
+        "line_number": 139,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 139,
+        "line_number": 141,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -5010,15 +5028,15 @@
         "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 122,
+        "line_number": 121,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 124,
+        "line_number": 123,
         "type": "Secret Keyword",
         "verified_result": null
       }

diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go
@@ -169,11 +169,6 @@ func DataSourceIbmSmIamCredentialsSecret() *schema.Resource {
 							Computed:    true,
 							Description: "The units for the secret rotation time interval.",
 						},
-						"rotate_keys": &schema.Schema{
-							Type:        schema.TypeBool,
-							Computed:    true,
-							Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.",
-						},
 					},
 				},
 			},
@@ -330,9 +325,6 @@ func dataSourceIbmSmIamCredentialsSecretRotationPolicyToMap(model secretsmanager
 		if model.Unit != nil {
 			modelMap["unit"] = *model.Unit
 		}
-		if model.RotateKeys != nil {
-			modelMap["rotate_keys"] = *model.RotateKeys
-		}
 		return modelMap, nil
 	} else {
 		return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered")

diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go
@@ -161,11 +161,6 @@ func DataSourceIbmSmIamCredentialsSecretMetadata() *schema.Resource {
 							Computed:    true,
 							Description: "The units for the secret rotation time interval.",
 						},
-						"rotate_keys": &schema.Schema{
-							Type:        schema.TypeBool,
-							Computed:    true,
-							Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.",
-						},
 					},
 				},
 			},
@@ -325,9 +320,6 @@ func dataSourceIbmSmIamCredentialsSecretMetadataRotationPolicyToMap(model secret
 		if model.Unit != nil {
 			modelMap["unit"] = *model.Unit
 		}
-		if model.RotateKeys != nil {
-			modelMap["rotate_keys"] = *model.RotateKeys
-		}
 		return modelMap, nil
 	} else {
 		return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered")

diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go
@@ -184,11 +184,6 @@ func DataSourceIbmSmPrivateCertificate() *schema.Resource {
 							Computed:    true,
 							Description: "The units for the secret rotation time interval.",
 						},
-						"rotate_keys": &schema.Schema{
-							Type:        schema.TypeBool,
-							Computed:    true,
-							Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.",
-						},
 					},
 				},
 			},
@@ -436,9 +431,6 @@ func dataSourceIbmSmPrivateCertificateRotationPolicyToMap(model secretsmanagerv2
 		if model.Unit != nil {
 			modelMap["unit"] = *model.Unit
 		}
-		if model.RotateKeys != nil {
-			modelMap["rotate_keys"] = *model.RotateKeys
-		}
 		return modelMap, nil
 	} else {
 		return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered")

diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go
@@ -176,11 +176,6 @@ func DataSourceIbmSmPrivateCertificateMetadata() *schema.Resource {
 							Computed:    true,
 							Description: "The units for the secret rotation time interval.",
 						},
-						"rotate_keys": &schema.Schema{
-							Type:        schema.TypeBool,
-							Computed:    true,
-							Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.",
-						},
 					},
 				},
 			},
@@ -403,9 +398,6 @@ func dataSourceIbmSmPrivateCertificateMetadataRotationPolicyToMap(model secretsm
 		if model.Unit != nil {
 			modelMap["unit"] = *model.Unit
 		}
-		if model.RotateKeys != nil {
-			modelMap["rotate_keys"] = *model.RotateKeys
-		}
 		return modelMap, nil
 	} else {
 		return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered")

diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go
@@ -136,11 +136,6 @@ func DataSourceIbmSmUsernamePasswordSecret() *schema.Resource {
 							Computed:    true,
 							Description: "The units for the secret rotation time interval.",
 						},
-						"rotate_keys": &schema.Schema{
-							Type:        schema.TypeBool,
-							Computed:    true,
-							Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.",
-						},
 					},
 				},
 			},
@@ -296,9 +291,6 @@ func dataSourceIbmSmUsernamePasswordSecretRotationPolicyToMap(model secretsmanag
 		if model.Unit != nil {
 			modelMap["unit"] = *model.Unit
 		}
-		if model.RotateKeys != nil {
-			modelMap["rotate_keys"] = *model.RotateKeys
-		}
 		return modelMap, nil
 	} else {
 		return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered")

diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go
@@ -128,11 +128,6 @@ func DataSourceIbmSmUsernamePasswordSecretMetadata() *schema.Resource {
 							Computed:    true,
 							Description: "The units for the secret rotation time interval.",
 						},
-						"rotate_keys": &schema.Schema{
-							Type:        schema.TypeBool,
-							Computed:    true,
-							Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.",
-						},
 					},
 				},
 			},
@@ -282,9 +277,6 @@ func dataSourceIbmSmUsernamePasswordSecretMetadataRotationPolicyToMap(model secr
 		if model.Unit != nil {
 			modelMap["unit"] = *model.Unit
 		}
-		if model.RotateKeys != nil {
-			modelMap["rotate_keys"] = *model.RotateKeys
-		}
 		return modelMap, nil
 	} else {
 		return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered")

diff --git a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go
@@ -113,12 +113,6 @@ func ResourceIbmSmIamCredentialsSecret() *schema.Resource {
 							Description:      "The units for the secret rotation time interval.",
 							DiffSuppressFunc: rotationAttributesDiffSuppress,
 						},
-						"rotate_keys": &schema.Schema{
-							Type:        schema.TypeBool,
-							Optional:    true,
-							Computed:    true,
-							Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.",
-						},
 					},
 				},
 			},
@@ -576,9 +570,6 @@ func resourceIbmSmIamCredentialsSecretMapToRotationPolicy(modelMap map[string]in
 	if modelMap["unit"] != nil && modelMap["unit"].(string) != "" {
 		model.Unit = core.StringPtr(modelMap["unit"].(string))
 	}
-	if modelMap["rotate_keys"] != nil {
-		model.RotateKeys = core.BoolPtr(modelMap["rotate_keys"].(bool))
-	}
 	return model, nil
 }
 
@@ -594,8 +585,5 @@ func resourceIbmSmIamCredentialsSecretRotationPolicyToMap(modelIntf secretsmanag
 	if model.Unit != nil {
 		modelMap["unit"] = model.Unit
 	}
-	if model.RotateKeys != nil {
-		modelMap["rotate_keys"] = model.RotateKeys
-	}
 	return modelMap, nil
 }
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go
@@ -245,9 +245,8 @@ func ResourceIbmSmPrivateCertificate() *schema.Resource {
 			},
 			"key_algorithm": &schema.Schema{
 				Type:        schema.TypeString,
-				Optional:    true,
+				Computed:    true,
 				ForceNew:    true,
-				Default:     "RSA2048",
 				Description: "The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (`RSA` or `ECDSA`) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values:  RSA2048, RSA4096, EC256, EC384.",
 			},
 			"next_rotation_date": &schema.Schema{

diff --git a/website/docs/d/sm_iam_credentials_secret.html.markdown b/website/docs/d/sm_iam_credentials_secret.html.markdown
@@ -93,7 +93,6 @@ Nested scheme for **rotation**:
 	* `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval.
 	* `interval` - (Integer) The length of the secret rotation time interval.
 	  * Constraints: The minimum value is `1`.
-	* `rotate_keys` - (Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.
 	* `unit` - (String) The units for the secret rotation time interval.
 	  * Constraints: Allowable values are: `day`, `month`.