Add import function for github_actions_organization_secret resource (#…

…745)

* Add import function for github_actions_organization_secret resource
* Import organization secrets along with selected repository IDs list if visibility is selected
* Ignore change for plaintext_value because it won't be fetched from Github API

* add test / docs for importing `github_actions_organization_secret`

Co-authored-by: Jeremy Udit <jcudit@github.com>

github/resource_github_actions_organization_secret.go

@@ -17,6 +17,12 @@ func resourceGithubActionsOrganizationSecret() *schema.Resource {
 		Read:   resourceGithubActionsOrganizationSecretRead,
 		Update: resourceGithubActionsOrganizationSecretCreateOrUpdate,
 		Delete: resourceGithubActionsOrganizationSecretDelete,
+		Importer: &schema.ResourceImporter{
+			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+				d.Set("secret_name", d.Id())
+				return []*schema.ResourceData{d}, nil
+			},
+		},
 
 		Schema: map[string]*schema.Schema{
 			"secret_name": {
@@ -133,6 +139,24 @@ func resourceGithubActionsOrganizationSecretRead(d *schema.ResourceData, meta in
 	d.Set("plaintext_value", d.Get("plaintext_value"))
 	d.Set("updated_at", secret.UpdatedAt.String())
 	d.Set("created_at", secret.CreatedAt.String())
+	d.Set("visibility", secret.Visibility)
+
+	selectedRepositoryIDs := []int64{}
+
+	if secret.Visibility == "selected" {
+		selectedRepoList, _, err := client.Actions.ListSelectedReposForOrgSecret(ctx, owner, d.Id())
+		if err != nil {
+			return err
+		}
+
+		selectedRepositories := selectedRepoList.Repositories
+
+		for _, repo := range selectedRepositories {
+			selectedRepositoryIDs = append(selectedRepositoryIDs, repo.GetID())
+		}
+	}
+
+	d.Set("selected_repository_ids", selectedRepositoryIDs)
 
 	return nil
 }

github/resource_github_actions_organization_secret_test.go

@@ -116,4 +116,54 @@ func TestAccGithubActionsOrganizationSecret(t *testing.T) {
 			testCase(t, organization)
 		})
 	})
+
+	t.Run("imports secrets without error", func(t *testing.T) {
+		secretValue := "super_secret_value"
+
+		config := fmt.Sprintf(`
+			resource "github_actions_organization_secret" "test_secret" {
+				secret_name      = "test_secret_name"
+				plaintext_value  = "%s"
+				visibility       = "private"
+			}
+		`, secretValue)
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr(
+				"github_actions_organization_secret.test_secret", "plaintext_value",
+				secretValue,
+			),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  check,
+					},
+					{
+						ResourceName:            "github_actions_organization_secret.test_secret",
+						ImportState:             true,
+						ImportStateVerify:       true,
+						ImportStateVerifyIgnore: []string{"plaintext_value"},
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			t.Skip("individual account not supported for this operation")
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+	})
 }

website/docs/r/actions_organization_secret.html.markdown

@@ -56,3 +56,15 @@ The following arguments are supported:
 
 * `created_at`      - Date of actions_secret creation.
 * `updated_at`      - Date of actions_secret update.
+
+## Import
+
+This resource can be imported using an ID made up of the secret name:
+
+```
+$ terraform import github_actions_organization_secret.test_secret test_secret_name
+```
+
+NOTE: the implementation is limited in that it won't fetch the value of the
+`plaintext_value` field when importing. You may need to ignore changes for the
+`plaintext_value` as a workaround.