Secrets manager custom password generation policy

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.mod|go.sum|.*.map|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-02-12T15:12:54Z",
+  "generated_at": "2024-02-14T08:29:34Z",
   "plugins_used": [
     {
       "name": "ArtifactoryDetector"
@@ -846,15 +846,15 @@
         "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1835,
+        "line_number": 1834,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1841,
+        "line_number": 1840,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3406,15 +3406,15 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 157,
+        "line_number": 186,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 273,
+        "line_number": 314,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3740,7 +3740,7 @@
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 354,
+        "line_number": 390,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3750,15 +3750,15 @@
         "hashed_secret": "6d12fda3835a9f315af351d7df4ff82dbcfdb2e6",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 22,
+        "line_number": 23,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 111,
+        "line_number": 127,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -3798,23 +3798,23 @@
         "hashed_secret": "f855f5027fd8fdb2df3f6a6f1cf858fffcbedb0c",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 96613,
+        "line_number": 96618,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "5fb0fa884132a8724a8d7cba55853737e442adbd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 119402,
+        "line_number": 119412,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "1e5c2f367f02e47a8c160cda1cd9d91decbac441",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 151610,
+        "line_number": 151620,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -4906,23 +4906,23 @@
         "hashed_secret": "e3efaa78f2f6ca38f70ded91b232d8dac947315d",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 31,
+        "line_number": 37,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 121,
+        "line_number": 134,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 123,
+        "line_number": 136,
         "type": "Secret Keyword",
         "verified_result": null
       }

go.mod

@@ -29,7 +29,7 @@ require (
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
 	github.com/IBM/scc-go-sdk/v5 v5.1.4
 	github.com/IBM/schematics-go-sdk v0.2.3
-	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2
+	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.3
 	github.com/IBM/vpc-beta-go-sdk v0.6.0
 	github.com/IBM/vpc-go-sdk v0.48.0
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5

go.sum

@@ -176,6 +176,8 @@ github.com/IBM/schematics-go-sdk v0.2.3 h1:lgTt0Sbudii3cuSk1YSQgrtiZAXDbBABAoVj3
 github.com/IBM/schematics-go-sdk v0.2.3/go.mod h1:Tw2OSAPdpC69AxcwoyqcYYaGTTW6YpERF9uNEU+BFRQ=
 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2 h1:+Svh1OmoFxMBnZQSOUtp2UUzrOGFsSQlE5TFL/ptJco=
 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2/go.mod h1:WII+LS4VkQYykmq65NWSuPb5xGNvsqkcK1aCWZoU2x4=
+github.com/IBM/secrets-manager-go-sdk/v2 v2.0.3 h1:28x9ksuRllUbDHmbwk15snNZgaEDc+BtY5Ey8oMqKn8=
+github.com/IBM/secrets-manager-go-sdk/v2 v2.0.3/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40=
 github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQyz4uc=
 github.com/IBM/vpc-beta-go-sdk v0.6.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA=
 github.com/IBM/vpc-go-sdk v0.47.0 h1:2Qcjd4zQQRYjz+y4ZMDP6+aWGifyXCZ9uMmlpW7p9To=

ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go

@@ -415,7 +415,7 @@ func dataSourceIbmSmServiceCredentialsSecretRotationPolicyToMap(model *secretsma
 	return modelMap, nil
 }
 
-func dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) {
+func dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceServiceRO) (map[string]interface{}, error) {
 	mainModelMap := make(map[string]interface{})
 	if sourceService.Instance != nil {
 		instanceMap := make(map[string]interface{})

ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go

@@ -403,7 +403,7 @@ func dataSourceIbmSmServiceCredentialsSecretMetadataRotationPolicyToMap(model *s
 	return modelMap, nil
 }
 
-func dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) {
+func dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceServiceRO) (map[string]interface{}, error) {
 	mainModelMap := make(map[string]interface{})
 	if sourceService.Instance != nil {
 		instanceMap := make(map[string]interface{})

ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go

@@ -115,6 +115,35 @@ func DataSourceIbmSmUsernamePasswordSecret() *schema.Resource {
 				Computed:    true,
 				Description: "The number of versions of the secret.",
 			},
+			"password_generation_policy": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Policy for auto-generated passwords.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"length": &schema.Schema{
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "The length of auto-generated passwords.",
+						},
+						"include_digits": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Include digits in auto-generated passwords.",
+						},
+						"include_symbols": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Include symbols in auto-generated passwords.",
+						},
+						"include_uppercase": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Include uppercase letters in auto-generated passwords.",
+						},
+					},
+				},
+			},
 			"rotation": &schema.Schema{
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -257,6 +286,18 @@ func dataSourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schem
 		return diag.FromErr(fmt.Errorf("Error setting rotation %s", err))
 	}
 
+	passwordPolicy := []map[string]interface{}{}
+	if usernamePasswordSecret.PasswordGenerationPolicy != nil {
+		modelMap, err := passwordGenerationPolicyToMap(usernamePasswordSecret.PasswordGenerationPolicy)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		passwordPolicy = append(passwordPolicy, modelMap)
+	}
+	if err = d.Set("password_generation_policy", passwordPolicy); err != nil {
+		return diag.FromErr(fmt.Errorf("Error setting password_generation_policy %s", err))
+	}
+
 	if err = d.Set("expiration_date", DateTimeToRFC3339(usernamePasswordSecret.ExpirationDate)); err != nil {
 		return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err))
 	}

ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go

@@ -107,6 +107,35 @@ func DataSourceIbmSmUsernamePasswordSecretMetadata() *schema.Resource {
 				Computed:    true,
 				Description: "The number of versions of the secret.",
 			},
+			"password_generation_policy": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Policy for auto-generated passwords.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"length": &schema.Schema{
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "The length of auto-generated passwords.",
+						},
+						"include_digits": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Include digits in auto-generated passwords.",
+						},
+						"include_symbols": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Include symbols in auto-generated passwords.",
+						},
+						"include_uppercase": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Include uppercase letters in auto-generated passwords.",
+						},
+					},
+				},
+			},
 			"rotation": &schema.Schema{
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -251,6 +280,18 @@ func dataSourceIbmSmUsernamePasswordSecretMetadataRead(context context.Context,
 		return diag.FromErr(fmt.Errorf("Error setting rotation %s", err))
 	}
 
+	passwordPolicy := []map[string]interface{}{}
+	if usernamePasswordSecretMetadata.PasswordGenerationPolicy != nil {
+		modelMap, err := passwordGenerationPolicyToMap(usernamePasswordSecretMetadata.PasswordGenerationPolicy)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		passwordPolicy = append(passwordPolicy, modelMap)
+	}
+	if err = d.Set("password_generation_policy", passwordPolicy); err != nil {
+		return diag.FromErr(fmt.Errorf("Error setting password_generation_policy %s", err))
+	}
+
 	if err = d.Set("expiration_date", DateTimeToRFC3339(usernamePasswordSecretMetadata.ExpirationDate)); err != nil {
 		return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err))
 	}

ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata_test.go

@@ -30,6 +30,7 @@ func TestAccIbmSmUsernamePasswordSecretMetadataDataSourceBasic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret_metadata.sm_username_password_secret_metadata", "updated_at"),
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret_metadata.sm_username_password_secret_metadata", "versions_total"),
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret_metadata.sm_username_password_secret_metadata", "rotation.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret_metadata.sm_username_password_secret_metadata", "password_generation_policy.#"),
 				),
 			},
 		},

ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_test.go

@@ -30,6 +30,7 @@ func TestAccIbmSmUsernamePasswordSecretDataSourceBasic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret.sm_username_password_secret", "updated_at"),
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret.sm_username_password_secret", "versions_total"),
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret.sm_username_password_secret", "rotation.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret.sm_username_password_secret", "password_generation_policy.#"),
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret.sm_username_password_secret", "username"),
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret.sm_username_password_secret", "password"),
 					resource.TestCheckResourceAttrSet("data.ibm_sm_username_password_secret.sm_username_password_secret_by_name", "name"),

ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go

@@ -698,7 +698,7 @@ func resourceIbmSmServiceCredentialsSecretRotationPolicyToMap(modelIntf secretsm
 	return modelMap, nil
 }
 
-func resourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) {
+func resourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceServiceRO) (map[string]interface{}, error) {
 	mainModelMap := make(map[string]interface{})
 	if sourceService.Instance != nil {
 		instanceMap := make(map[string]interface{})