Feature/platform secret changes

[henryde]

No description provided.

[Copilot]

Pull request overview

This PR refactors platform configuration schema to implement a unified secret handling mechanism and standardize authentication configurations across cloud platform integrations. The changes replace individual secret fields with a nested SecretEmbedded structure and introduce a plan modifier to automatically determine authentication type.

Key changes:

• Introduced SecretEmbedded type with plaintext field for consistent secret handling across all platforms
• Replaced platform-specific authType and credentialsAuthClientSecret patterns with unified auth configuration containing type, credential, and workloadIdentity fields
• Standardized field naming (e.g., user_look_up_strategy → user_lookup_strategy, service_account_config → service_account)
• Added authTypeDefault() plan modifier to automatically set authentication type based on provided credentials

Reviewed changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
internal/provider/schema_utils.go	Added reusable tenantTagsAttribute() helper function to reduce duplication
internal/provider/platform_resource_schema_kubernetes.go	Refactored Kubernetes/OpenShift/AKS schemas to use kubernetesBasedPlatformAttributes() helper and secretEmbeddedSchema()
internal/provider/platform_resource_schema_gcp.go	Updated GCP schema to use unified service_account with type, credential, and workload_identity fields
internal/provider/platform_resource_schema_azure.go	Standardized Azure authentication with azureAuthSchema() and renamed user_look_up_strategy to user_lookup_strategy
internal/provider/platform_resource_schema_aws.go	Restructured AWS auth config with nested auth.credential and auth.workload_identity structure
internal/provider/platform_resource_obfuscationhandling.go	Updated obfuscation logic to check for nil plaintext instead of comparing to obfuscatedValue constant
internal/provider/platform_resource.go	Added secretEmbeddedSchema() helper function for consistent secret field definitions
internal/provider/platform_data_source.go	Added secretEmbeddedDataSourceSchema() and azureAuthConfigDataSourceSchema() for data source support
internal/provider/auth_type_plan_modifier.go	Implemented custom plan modifier to automatically set auth type based on credential presence
examples/resources/meshstack_platform/resource.tf	Updated example to use new auth.credential.plaintext structure
docs/resources/platform.md	Regenerated documentation reflecting new schema structure
docs/data-sources/platform.md	Regenerated data source documentation
client/platform_config_openshift.go	Fixed field name casing: OpenShiftRoleMappings → OpenshiftRoleMappings
client/platform_config_kubernetes.go	Changed AccessToken from string to SecretEmbedded type
client/platform_config_gcp.go	Restructured service account config with unified Credential and WorkloadIdentity fields
client/platform_config_azurerg.go	Renamed user_look_up_strategy to user_lookup_strategy
client/platform_config_azure.go	Introduced AzureAuthConfig type to replace inline auth fields
client/platform_config_aws.go	Introduced AwsAuth type with nested credential structures
client/platform_config_aks.go	Updated AKS config to use AzureAuthConfig and renamed lookup strategy field
client/platform.go	Added SecretEmbedded struct definition
client/client.go	Replaced errors.New(fmt.Sprintf(...)) with fmt.Errorf(...)
CHANGELOG.md	Added v0.15.1 entry documenting API changes