Merge pull request #181 from DrFaust92/webhook-secret

Webhook secret (repo and workspace)
DrFaust92 · Oct 25, 2023 · 41d08d0 · 41d08d0
2 parents e71931a + 0128903
commit 41d08d0
Show file tree

Hide file tree

Showing 6 changed files with 85 additions and 16 deletions.
diff --git a/bitbucket/resource_hook.go b/bitbucket/resource_hook.go
@@ -24,6 +24,9 @@ type Hook struct {
 	Active               bool     `json:"active"`
 	SkipCertVerification bool     `json:"skip_cert_verification"`
 	Events               []string `json:"events,omitempty"`
+	Secret               string   `json:"secret"`
+	SecretSet            bool     `json:"secret_set,omitempty"`
+	HistoryEnabled       bool     `json:"history_enabled,omitempty"`
 }
 
 func resourceHook() *schema.Resource {
@@ -61,10 +64,23 @@ func resourceHook() *schema.Resource {
 				Optional: true,
 				Default:  true,
 			},
+			"secret_set": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"history_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
 			"url": {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+			"secret": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+			},
 			"uuid": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -128,7 +144,9 @@ func createHook(d *schema.ResourceData) *Hook {
 		URL:                  d.Get("url").(string),
 		Description:          d.Get("description").(string),
 		Active:               d.Get("active").(bool),
+		HistoryEnabled:       d.Get("history_enabled").(bool),
 		SkipCertVerification: d.Get("skip_cert_verification").(bool),
+		Secret:               d.Get("secret").(string),
 		Events:               events,
 	}
 
@@ -196,6 +214,8 @@ func resourceHookRead(ctx context.Context, d *schema.ResourceData, m interface{}
 			return diag.FromErr(readerr)
 		}
 
+		log.Printf("[DEBUG] Hook json: %s", string(body))
+
 		decodeerr := json.Unmarshal(body, &hook)
 		if decodeerr != nil {
 			return diag.FromErr(decodeerr)
@@ -204,7 +224,10 @@ func resourceHookRead(ctx context.Context, d *schema.ResourceData, m interface{}
 		d.Set("uuid", hook.UUID)
 		d.Set("description", hook.Description)
 		d.Set("active", hook.Active)
+		d.Set("history_enabled", hook.HistoryEnabled)
+		d.Set("secret_set", hook.SecretSet)
 		d.Set("url", hook.URL)
+		d.Set("secret", d.Get("secret").(string))
 		d.Set("skip_cert_verification", hook.SkipCertVerification)
 		d.Set("events", hook.Events)
 	}

diff --git a/bitbucket/resource_hook_test.go b/bitbucket/resource_hook_test.go
@@ -34,7 +34,9 @@ func TestAccBitbucketHook_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "description", "Test hook for terraform"),
 					resource.TestCheckResourceAttr(resourceName, "url", "https://httpbin.org"),
 					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
+					resource.TestCheckResourceAttr(resourceName, "secret_set", "false"),
+					resource.TestCheckResourceAttr(resourceName, "history_enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "active", "true"),
 					resource.TestCheckResourceAttr(resourceName, "events.#", "1"),
 				),
 			},
@@ -45,14 +47,16 @@ func TestAccBitbucketHook_basic(t *testing.T) {
 				ImportStateVerify: true,
 			},
 			{
-				Config: testAccBitbucketHookConfigUpdated(testUser, rName),
+				Config: testAccBitbucketHookConfigUpdated(testUser, rName, false),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckBitbucketHookExists(resourceName, &hook),
 					resource.TestCheckResourceAttrPair(resourceName, "repository", "bitbucket_repository.test", "name"),
 					resource.TestCheckResourceAttr(resourceName, "description", "Test hook for terraform Updated"),
 					resource.TestCheckResourceAttr(resourceName, "url", "https://httpbin.org"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
+					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "false"),
+					resource.TestCheckResourceAttr(resourceName, "secret_set", "true"),
+					resource.TestCheckResourceAttr(resourceName, "history_enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "active", "false"),
 					resource.TestCheckResourceAttr(resourceName, "events.#", "2"),
 				),
 			},
@@ -64,7 +68,9 @@ func TestAccBitbucketHook_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "description", "Test hook for terraform"),
 					resource.TestCheckResourceAttr(resourceName, "url", "https://httpbin.org"),
 					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
+					resource.TestCheckResourceAttr(resourceName, "secret_set", "false"),
+					resource.TestCheckResourceAttr(resourceName, "history_enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "active", "true"),
 					resource.TestCheckResourceAttr(resourceName, "events.#", "1"),
 				),
 			},
@@ -153,7 +159,7 @@ resource "bitbucket_hook" "test" {
 `, testUser, rName)
 }
 
-func testAccBitbucketHookConfigUpdated(testUser, rName string) string {
+func testAccBitbucketHookConfigUpdated(testUser, rName string, enable bool) string {
 	return fmt.Sprintf(`
 resource "bitbucket_repository" "test" {
   owner = %[1]q
@@ -164,14 +170,16 @@ resource "bitbucket_hook" "test" {
   repository             = bitbucket_repository.test.name
   description            = "Test hook for terraform Updated"
   url                    = "https://httpbin.org"
-  skip_cert_verification = true
+  skip_cert_verification = %[3]t
+  active                 = %[3]t
+  secret                 = %[2]q
 
   events = [
   	"repo:push",
     "repo:fork",
   ]
 }
-`, testUser, rName)
+`, testUser, rName, enable)
 }
 
 func testAccBitbucketHookImportStateIdFunc(resourceName string) resource.ImportStateIdFunc {

diff --git a/bitbucket/resource_workspace_hook.go b/bitbucket/resource_workspace_hook.go
@@ -45,10 +45,23 @@ func resourceWorkspaceHook() *schema.Resource {
 				Optional: true,
 				Default:  true,
 			},
+			"secret_set": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"history_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
 			"url": {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+			"secret": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+			},
 			"uuid": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -167,7 +180,10 @@ func resourceWorkspaceHookRead(ctx context.Context, d *schema.ResourceData, m in
 		d.Set("uuid", hook.UUID)
 		d.Set("description", hook.Description)
 		d.Set("active", hook.Active)
+		d.Set("history_enabled", hook.HistoryEnabled)
+		d.Set("secret_set", hook.SecretSet)
 		d.Set("url", hook.URL)
+		d.Set("secret", d.Get("secret").(string))
 		d.Set("skip_cert_verification", hook.SkipCertVerification)
 		d.Set("events", hook.Events)
 	}

diff --git a/bitbucket/resource_workspace_hook_test.go b/bitbucket/resource_workspace_hook_test.go
@@ -31,7 +31,9 @@ func TestAccBitbucketWorkspaceHook_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "workspace", workspace),
 					resource.TestCheckResourceAttr(resourceName, "url", "https://httpbin.org"),
 					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
+					resource.TestCheckResourceAttr(resourceName, "secret_set", "false"),
+					resource.TestCheckResourceAttr(resourceName, "history_enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "active", "true"),
 					resource.TestCheckResourceAttr(resourceName, "events.#", "1"),
 				),
 			},
@@ -42,14 +44,16 @@ func TestAccBitbucketWorkspaceHook_basic(t *testing.T) {
 				ImportStateVerify: true,
 			},
 			{
-				Config: testAccBitbucketWorkspaceHookConfigUpdated(workspace, rName),
+				Config: testAccBitbucketWorkspaceHookConfigUpdated(workspace, rName, false),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckBitbucketWorkspaceHookExists(resourceName, &hook),
 					resource.TestCheckResourceAttr(resourceName, "description", "Test hook for terraform Updated"),
 					resource.TestCheckResourceAttr(resourceName, "workspace", workspace),
 					resource.TestCheckResourceAttr(resourceName, "url", "https://httpbin.org"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
+					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "false"),
+					resource.TestCheckResourceAttr(resourceName, "secret_set", "true"),
+					resource.TestCheckResourceAttr(resourceName, "history_enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "active", "false"),
 					resource.TestCheckResourceAttr(resourceName, "events.#", "2"),
 				),
 			},
@@ -61,7 +65,9 @@ func TestAccBitbucketWorkspaceHook_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "workspace", workspace),
 					resource.TestCheckResourceAttr(resourceName, "url", "https://httpbin.org"),
 					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
-					resource.TestCheckResourceAttr(resourceName, "skip_cert_verification", "true"),
+					resource.TestCheckResourceAttr(resourceName, "secret_set", "false"),
+					resource.TestCheckResourceAttr(resourceName, "history_enabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "active", "true"),
 					resource.TestCheckResourceAttr(resourceName, "events.#", "1"),
 				),
 			},
@@ -118,20 +124,22 @@ resource "bitbucket_workspace_hook" "test" {
 `, workspace, rName)
 }
 
-func testAccBitbucketWorkspaceHookConfigUpdated(workspace, rName string) string {
+func testAccBitbucketWorkspaceHookConfigUpdated(workspace, rName string, enable bool) string {
 	return fmt.Sprintf(`
 resource "bitbucket_workspace_hook" "test" {
   workspace              = %[1]q
   description            = "Test hook for terraform Updated"
   url                    = "https://httpbin.org"
-  skip_cert_verification = true
+  skip_cert_verification = %[3]t
+  active                 = %[3]t
+  secret                 = %[2]q
 
   events = [
   	"repo:push",
     "repo:fork",
   ]
 }
-`, workspace, rName)
+`, workspace, rName, enable)
 }
 
 func testAccBitbucketWorkspaceHookImportStateIdFunc(resourceName string) resource.ImportStateIdFunc {

diff --git a/docs/resources/hook.md b/docs/resources/hook.md
@@ -39,6 +39,17 @@ The following arguments are supported:
 * `url` - (Required) Where to POST to.
 * `description` - (Required) The name / description to show in the UI.
 * `events` - (Required) The events this webhook is subscribed to. Valid values can be found at [Bitbucket Event Payloads Docs](https://support.atlassian.com/bitbucket-cloud/docs/event-payloads/).
+* `active` - (Optional) Whether the webhook configuration is active or not (Default: `true`).
+* `skip_cert_verification` - (Optional) Whether to skip certificate verification or not (Default: `true`).
+* `secret` - (Optional) A Webhook secret value. Passing a null or empty secret or not passing a secret will leave the webhook's secret unset. This value is not returned on read and cannot resolve diffs or be imported as its not returned back from bitbucket API.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `uuid` - The UUID of the workspace webhook.
+* `secret_set` - Whether a webhook secret is set.
+* `history_enabled` - Whether a webhook history is enabled.
 
 ## Import
 

diff --git a/docs/resources/workspace_hook.md b/docs/resources/workspace_hook.md
@@ -39,12 +39,15 @@ The following arguments are supported:
 * `events` - (Required) The events this webhook is subscribed to. Valid values can be found at [Bitbucket Webhook Docs](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-hooks-post).
 * `active` - (Optional) Whether the webhook configuration is active or not (Default: `true`).
 * `skip_cert_verification` - (Optional) Whether to skip certificate verification or not (Default: `true`).
+* `secret` - (Optional) A Webhook secret value. Passing a null or empty secret or not passing a secret will leave the webhook's secret unset. This value is not returned on read and cannot resolve diffs or be imported as its not returned back from bitbucket API.
 
 ## Attributes Reference
 
 In addition to all arguments above, the following attributes are exported:
 
 * `uuid` - The UUID of the workspace webhook.
+* `secret_set` - Whether a webhook secret is set.
+* `history_enabled` - Whether a webhook history is enabled.
 
 ## Import