Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pages secrets #2399

Merged
merged 3 commits into from
Apr 26, 2023
Merged

Pages secrets #2399

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bc6564b
WIP
WalshyDev Apr 26, 2023
564c07d
Add changelog and docs
WalshyDev Apr 26, 2023
4f6334d
Mark as sensitive
WalshyDev Apr 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/2399.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/cloudflare_pages_project: added secrets to Pages project. Secrets are encrypted environment variables, ideal for secrets such as API tokens. See documentation here: https://developers.cloudflare.com/pages/platform/functions/bindings/#secrets
```
9 changes: 9 additions & 0 deletions docs/resources/pages_project.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,9 @@ resource "cloudflare_pages_project" "deployment_configs" {
environment_variables = {
ENVIRONMENT = "preview"
}
secrets = {
TURNSTILE_SECRET = var.turnstile_secret
}
kv_namespaces = {
KV_BINDING = "5eb63bbbe01eeed093cb22bb8f5acdc3"
}
Expand All @@ -88,6 +91,10 @@ resource "cloudflare_pages_project" "deployment_configs" {
ENVIRONMENT = "production"
OTHER_VALUE = "other value"
}
secrets = {
TURNSTILE_SECRET = var.turnstile_secret
TURNSTILE_INVIS_SECRET = var.turnstile_invisible_secret
}
kv_namespaces = {
KV_BINDING_1 = "5eb63bbbe01eeed093cb22bb8f5acdc3"
KV_BINDING_2 = "3cdca5f8bb22bc390deee10ebbb36be5"
Expand Down Expand Up @@ -167,6 +174,7 @@ Optional:
- `fail_open` (Boolean) Fail open used for Pages Functions. Defaults to `false`.
- `kv_namespaces` (Map of String) KV namespaces used for Pages Functions.
- `r2_buckets` (Map of String) R2 Buckets used for Pages Functions.
- `secrets` (Map of String) Encrypted environment variables for Pages Functions.
- `service_binding` (Block Set) Services used for Pages Functions. (see [below for nested schema](#nestedblock--deployment_configs--preview--service_binding))
- `usage_model` (String) Usage model used for Pages Functions. Defaults to `bundled`.

Expand Down Expand Up @@ -198,6 +206,7 @@ Optional:
- `fail_open` (Boolean) Fail open used for Pages Functions. Defaults to `false`.
- `kv_namespaces` (Map of String) KV namespaces used for Pages Functions.
- `r2_buckets` (Map of String) R2 Buckets used for Pages Functions.
- `secrets` (Map of String) Encrypted environment variables for Pages Functions.
- `service_binding` (Block Set) Services used for Pages Functions. (see [below for nested schema](#nestedblock--deployment_configs--production--service_binding))
- `usage_model` (String) Usage model used for Pages Functions. Defaults to `bundled`.

Expand Down
7 changes: 7 additions & 0 deletions examples/resources/cloudflare_pages_project/resource.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,9 @@ resource "cloudflare_pages_project" "deployment_configs" {
environment_variables = {
ENVIRONMENT = "preview"
}
secrets = {
TURNSTILE_SECRET = var.turnstile_secret
}
kv_namespaces = {
KV_BINDING = "5eb63bbbe01eeed093cb22bb8f5acdc3"
}
Expand All @@ -70,6 +73,10 @@ resource "cloudflare_pages_project" "deployment_configs" {
ENVIRONMENT = "production"
OTHER_VALUE = "other value"
}
secrets = {
TURNSTILE_SECRET = var.turnstile_secret
TURNSTILE_INVIS_SECRET = var.turnstile_invisible_secret
}
kv_namespaces = {
KV_BINDING_1 = "5eb63bbbe01eeed093cb22bb8f5acdc3"
KV_BINDING_2 = "3cdca5f8bb22bc390deee10ebbb36be5"
Expand Down
18 changes: 18 additions & 0 deletions internal/sdkv2provider/resource_cloudflare_pages_project.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,17 @@ func buildDeploymentConfig(environment interface{}) cloudflare.PagesProjectDeplo
deploymentVariables[i] = &envVar
}

break
case "secrets":
variables := value.(map[string]interface{})
for i, variable := range variables {
envVar := cloudflare.EnvironmentVariable{
Value: variable.(string),
Type: cloudflare.SecretText,
}
deploymentVariables[i] = &envVar
}

break
case "kv_namespaces":
namespace := cloudflare.NamespaceBindingMap{}
Expand Down Expand Up @@ -132,6 +143,13 @@ func parseDeploymentConfig(deployment cloudflare.PagesProjectDeploymentConfigEnv
}
config["environment_variables"] = deploymentVars

deploymentVars = map[string]string{}
for key, value := range deployment.EnvVars {
if value.Type == cloudflare.SecretText {
deploymentVars[key] = value.Value
}
}

deploymentVars = map[string]string{}
for key, value := range deployment.KvNamespaces {
deploymentVars[key] = value.Value
Expand Down
14 changes: 14 additions & 0 deletions internal/sdkv2provider/resource_cloudflare_pages_project_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,9 @@ func testPagesProjectDeploymentConfig(resourceID, accountID, projectName string)
environment_variables = {
ENVIRONMENT = "preview"
}
secrets = {
TURNSTILE_SECRET = "1x0000000000000000000000000000000AA"
}
kv_namespaces = {
KV_BINDING = "5eb63bbbe01eeed093cb22bb8f5acdc3"
}
Expand Down Expand Up @@ -108,6 +111,10 @@ func testPagesProjectDeploymentConfig(resourceID, accountID, projectName string)
ENVIRONMENT = "production"
OTHER_VALUE = "other value"
}
secrets = {
TURNSTILE_SECRET = "1x0000000000000000000000000000000AA"
TURNSTILE_INVIS_SECRET = "2x0000000000000000000000000000000AA"
}
kv_namespaces = {
KV_BINDING_1 = "5eb63bbbe01eeed093cb22bb8f5acdc3"
KV_BINDING_2 = "3cdca5f8bb22bc390deee10ebbb36be5"
Expand Down Expand Up @@ -251,6 +258,9 @@ func TestAccCloudflarePagesProject_DeploymentConfig(t *testing.T) {
resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.environment_variables.%", "1"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.environment_variables.ENVIRONMENT", "preview"),

resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.secrets.%", "1"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.secrets.TURNSTILE_SECRET", "1x0000000000000000000000000000000AA"),

resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.kv_namespaces.%", "1"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.kv_namespaces.KV_BINDING", "5eb63bbbe01eeed093cb22bb8f5acdc3"),

Expand All @@ -271,6 +281,10 @@ func TestAccCloudflarePagesProject_DeploymentConfig(t *testing.T) {
resource.TestCheckResourceAttr(name, "deployment_configs.0.production.0.environment_variables.ENVIRONMENT", "production"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.production.0.environment_variables.OTHER_VALUE", "other value"),

resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.secrets.%", "1"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.secrets.TURNSTILE_SECRET", "1x0000000000000000000000000000000AA"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.preview.0.secrets.TURNSTILE_INVIS_SECRET", "2x0000000000000000000000000000000AA"),

resource.TestCheckResourceAttr(name, "deployment_configs.0.production.0.kv_namespaces.%", "2"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.production.0.kv_namespaces.KV_BINDING_1", "5eb63bbbe01eeed093cb22bb8f5acdc3"),
resource.TestCheckResourceAttr(name, "deployment_configs.0.production.0.kv_namespaces.KV_BINDING_2", "3cdca5f8bb22bc390deee10ebbb36be5"),
Expand Down
6 changes: 6 additions & 0 deletions internal/sdkv2provider/schema_cloudflare_pages_project.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,12 @@ func resourceCloudflarePagesProjectSchema() map[string]*schema.Schema {
Description: "Environment variables for Pages Functions.",
Optional: true,
},
"secrets": {
Type: schema.TypeMap,
Description: "Encrypted environment variables for Pages Functions.",
Optional: true,
Sensitive: true,
},
"kv_namespaces": {
Type: schema.TypeMap,
Description: "KV namespaces used for Pages Functions.",
Expand Down