hookdeck · leggetter · Mar 6, 2025 · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
diff --git a/.golangci.yml b/.golangci.yml
@@ -7,21 +7,21 @@ issues:
 linters:
   disable-all: true
   enable:
+    - copyloopvar
     - durationcheck
     - errcheck
-    - exportloopref
     - forcetypeassert
     - godot
     - gofmt
     - gosimple
+    - govet
     - ineffassign
     - makezero
     - misspell
     - nilerr
     - predeclared
     - staticcheck
-    - tenv
     - unconvert
     - unparam
     - unused
-    - vet
+    - usetesting
diff --git a/GNUmakefile b/GNUmakefile
@@ -8,9 +8,6 @@ testacc:
 generate:
 	go generate ./...
 
-generate-codegen:
-	go generate ./cmd/codegen/...
-
 generate-tfdocs:
 	go generate ./cmd/tfdocs/...
 

diff --git a/README.md b/README.md
@@ -16,7 +16,6 @@ terraform {
   required_providers {
     hookdeck = {
       source  = "hookdeck/hookdeck"
-      version = "~> 0.2"
     }
   }
 }
@@ -40,7 +39,10 @@ resource "hookdeck_source" "my_source" {
 # Configure a destination
 resource "hookdeck_destination" "my_destination" {
   name = "my_destination"
-  url  = "https://mock.hookdeck.com"
+  type = "HTTP"
+  config = jsonencode({
+    url  = "https://myapp.example.com/api"
+  })
 }
 
 # Configure a connection
@@ -50,9 +52,11 @@ resource "hookdeck_connection" "my_connection" {
 }
 ```
 
+For [Source `config`](https://hookdeck.com/docs/api#source-object) and [Destination `config`](https://hookdeck.com/docs/api#destination-object) you must provide a JSON object. This means you do not get validation on the `config` property within your IDE or when running `terraform plan`. However, when running `terraform apply` the Hookdeck API will provide error responses if invalid configuration is received.
+
 ## Dependencies
 
-This provider uses [Hookdeck API](https://hookdeck.com/docs/api) and [Hookdeck Go SDK](https://github.com/hookdeck/hookdeck-go-sdk) under the hood.
+This provider is built on top of the [Hookdeck API](https://hookdeck.com/docs/api).
 
 ## Development
 
@@ -68,6 +72,36 @@ Code generation was [introduced in October 2024](https://github.com/hookdeck/ter
 
 The Hookdeck Go SDK is generated using the Hookdeck Open API spec. Therefore, Hookdeck Terraform Provider code generation must be based on the same OpenAPI spec version used to generate the Go SDK.
 
+### Running locally
+
+See https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework/providers-plugin-framework-provider#prepare-terraform-for-local-provider-install
+
+### Brief details
+
+Build and install:
+
+```
+go build
+go install
+```
+
+Override the provider in a `~/.terraformrc`:
+
+```
+provider_installation {
+
+  dev_overrides {
+      "hookdeck/hookdeck" = "/Users/leggetter/go/bin"
+  }
+
+  # For all other providers, install them directly from their origin provider
+  # registries as normal. If you omit this, Terraform will _only_ use
+  # the dev_overrides block, and so no other providers will be available.
+  direct {}
+}
+```
+
+
 ### Release
 
 Released are managed via [GitHub Releases](https://github.com/hookdeck/terraform-provider-hookdeck/releases).

diff --git a/cmd/codegen/main.go b/cmd/codegen/main.go
diff --git a/docs/data-sources/destination.md b/docs/data-sources/destination.md
@@ -27,118 +27,11 @@ data "hookdeck_destination" "example" {
 
 ### Read-Only
 
-- `auth_method` (Attributes) Config for the destination's auth method (see [below for nested schema](#nestedatt--auth_method))
-- `cli_path` (String) Path for the CLI destination
+- `config` (String, Sensitive) Destination configuration
 - `created_at` (String) Date the destination was created
 - `description` (String) Description for the destination
 - `disabled_at` (String) Date the destination was disabled
-- `http_method` (String) must be one of ["GET", "POST", "PUT", "PATCH", "DELETE"]
-HTTP method used on requests sent to the destination, overrides the method used on requests sent to the source.
 - `name` (String) A unique, human-friendly name for the destination
-- `path_forwarding_disabled` (Boolean)
-- `rate_limit` (Attributes) Rate limit (see [below for nested schema](#nestedatt--rate_limit))
 - `team_id` (String) ID of the workspace
+- `type` (String) Type of the destination
 - `updated_at` (String) Date the destination was last updated
-- `url` (String) HTTP endpoint of the destination
-
-<a id="nestedatt--auth_method"></a>
-### Nested Schema for `auth_method`
-
-Read-Only:
-
-- `api_key` (Attributes) API Key (see [below for nested schema](#nestedatt--auth_method--api_key))
-- `aws_signature` (Attributes) AWS Signature (see [below for nested schema](#nestedatt--auth_method--aws_signature))
-- `basic_auth` (Attributes) Basic Auth (see [below for nested schema](#nestedatt--auth_method--basic_auth))
-- `bearer_token` (Attributes) Bearer Token (see [below for nested schema](#nestedatt--auth_method--bearer_token))
-- `custom_signature` (Attributes) Custom Signature (see [below for nested schema](#nestedatt--auth_method--custom_signature))
-- `hookdeck_signature` (Attributes) Hookdeck Signature (see [below for nested schema](#nestedatt--auth_method--hookdeck_signature))
-- `json` (String, Sensitive) Stringified JSON value for destination payload, used when Terraform provider hasn't supported the destination method on Hookdeck yet
-- `oauth2_authorization_code` (Attributes) OAuth2 Client Credentials (see [below for nested schema](#nestedatt--auth_method--oauth2_authorization_code))
-- `oauth2_client_credentials` (Attributes) OAuth2 Client Credentials (see [below for nested schema](#nestedatt--auth_method--oauth2_client_credentials))
-
-<a id="nestedatt--auth_method--api_key"></a>
-### Nested Schema for `auth_method.api_key`
-
-Read-Only:
-
-- `api_key` (String, Sensitive) API key for the API key auth
-- `key` (String) Key for the API key auth
-- `to` (String) must be one of ["header", "query"]
-Whether the API key should be sent as a header or a query parameter
-
-
-<a id="nestedatt--auth_method--aws_signature"></a>
-### Nested Schema for `auth_method.aws_signature`
-
-Read-Only:
-
-- `access_key_id` (String, Sensitive) AWS access key id
-- `region` (String) AWS region
-- `secret_access_key` (String, Sensitive) AWS secret access key
-- `service` (String) AWS service
-
-
-<a id="nestedatt--auth_method--basic_auth"></a>
-### Nested Schema for `auth_method.basic_auth`
-
-Read-Only:
-
-- `password` (String, Sensitive) Password for basic auth
-- `username` (String) Username for basic auth
-
-
-<a id="nestedatt--auth_method--bearer_token"></a>
-### Nested Schema for `auth_method.bearer_token`
-
-Read-Only:
-
-- `token` (String, Sensitive) Token for the bearer token auth
-
-
-<a id="nestedatt--auth_method--custom_signature"></a>
-### Nested Schema for `auth_method.custom_signature`
-
-Read-Only:
-
-- `key` (String) Key for the custom signature auth
-- `signing_secret` (String, Sensitive) Signing secret for the custom signature auth. If left empty a secret will be generated for you.
-
-
-<a id="nestedatt--auth_method--hookdeck_signature"></a>
-### Nested Schema for `auth_method.hookdeck_signature`
-
-
-<a id="nestedatt--auth_method--oauth2_authorization_code"></a>
-### Nested Schema for `auth_method.oauth2_authorization_code`
-
-Read-Only:
-
-- `auth_server` (String) URL of the auth server
-- `client_id` (String) Client id in the auth server
-- `client_secret` (String, Sensitive) Client secret in the auth server
-- `refresh_token` (String, Sensitive) Refresh token already returned by the auth server
-- `scope` (String) Scope to access
-
-
-<a id="nestedatt--auth_method--oauth2_client_credentials"></a>
-### Nested Schema for `auth_method.oauth2_client_credentials`
-
-Read-Only:
-
-- `auth_server` (String) URL of the auth server
-- `authentication_type` (String) must be one of [basic, bearer]
-Basic (default) or Bearer Authentication
-- `client_id` (String) Client id in the auth server
-- `client_secret` (String, Sensitive) Client secret in the auth server
-- `scope` (String) Scope to access
-
-
-
-<a id="nestedatt--rate_limit"></a>
-### Nested Schema for `rate_limit`
-
-Read-Only:
-
-- `limit` (Number) Limit event attempts to receive per period. Max value is workspace plan's max attempts thoughput.
-- `period` (String) must be one of ["second", "minute", "hour", "concurrent"]
-Period to rate limit attempts
diff --git a/docs/data-sources/source.md b/docs/data-sources/source.md
@@ -27,21 +27,12 @@ data "hookdeck_source" "example" {
 
 ### Read-Only
 
-- `allowed_http_methods` (List of String) List of allowed HTTP methods. Defaults to PUT, POST, PATCH, DELETE.
+- `config` (String, Sensitive) Source configuration
 - `created_at` (String) Date the source was created
-- `custom_response` (Attributes) Custom response object (see [below for nested schema](#nestedatt--custom_response))
 - `description` (String) Description for the source
 - `disabled_at` (String) Date the source was disabled
 - `name` (String) A unique, human-friendly name for the source
 - `team_id` (String) ID of the workspace
+- `type` (String) Type of the source
 - `updated_at` (String) Date the source was last updated
 - `url` (String) A unique URL that must be supplied to your webhook's provider
-
-<a id="nestedatt--custom_response"></a>
-### Nested Schema for `custom_response`
-
-Read-Only:
-
-- `body` (String) Body of the custom response
-- `content_type` (String) must be one of [json, text, xml]
-Content type of the custom response
diff --git a/docs/guides/register-external-webhooks.md b/docs/guides/register-external-webhooks.md
@@ -16,6 +16,7 @@ Let's start with a Hookdeck connection to start listening to incoming webhooks f
 ```hcl
 resource "hookdeck_source" "stripe" {
   name = "stripe"
+  type = "STRIPE"
 }
 
 resource "hookdeck_destination" "payment_service" {
@@ -34,24 +35,17 @@ resource "hookdeck_connection" "stripe_payment_service" {
 Stripe provides API endpoints to [create a new webhook](https://stripe.com/docs/api/webhook_endpoints/create) and [delete an existing webhook](https://stripe.com/docs/api/webhook_endpoints/delete), which we will use in this example.
 
 ```hcl
-resource "webhook_registration" "stripe" {
+resource "hookdeck_webhook_registration" "stripe_webhook_registration" {
   provider = hookdeck
 
   register = {
     request = {
       method = "POST"
       url    = "https://api.stripe.com/v1/webhook_endpoints"
       headers = jsonencode({
-        "content-type" = "application/json"
         authorization  = "Bearer <STRIPE_SECRET_KEY>"
       })
-      body = jsonencode({
-        url = hookdeck_source.stripe.url
-        enabled_events = [
-          "charge.failed",
-          "charge.succeeded"
-        ]
-      })
+      body = "url=${hookdeck_source.stripe.url}&enabled_events[]=charge.failed&enabled_events[]=charge.succeeded"
     }
   }
   unregister = {
@@ -70,16 +64,14 @@ For many APIs, you will need the ID of the registered webhook to unregister. You
 
 ## Use webhook secret to verify with Hookdeck
 
-Another way you can use the `webhook_registration` resource is to configure Hookdeck [source verification](https://hookdeck.com/docs/signature-verification) as part of your Terraform workflow. With the `webhook_registration` resource above, you can now configure Hookdeck verification like so:
+Another way you can use the `hookdeck_webhook_registration` resource is to configure Hookdeck [source verification](https://hookdeck.com/docs/signature-verification) as part of your Terraform workflow. With the `hookdeck_webhook_registration` resource above, you can now configure Hookdeck verification like so:
 
 ```hcl
-resource "hookdeck_source_verification" "stripe_verification" {
+resource "hookdeck_source_auth" "stripe_source_auth" {
   source_id = hookdeck_source.stripe.id
-  verification = {
-    stripe = {
-      webhook_secret_key = jsondecode(webhook_registration.stripe.register.response).body.secret
-    }
-  }
+  auth = jsonencode({
+    webhook_secret_key = jsondecode(hookdeck_webhook_registration.stripe_webhook_registration.register.response).body.secret
+  })
 }
 ```
 
@@ -92,6 +84,7 @@ Putting everything together to register Stripe webhook with Hookdeck source with
 
 resource "hookdeck_source" "stripe" {
   name = "stripe"
+  type = "STRIPE"
 }
 
 resource "hookdeck_destination" "payment_service" {
@@ -106,24 +99,17 @@ resource "hookdeck_connection" "stripe_payment_service" {
 
 # Register Stripe webhook
 
-resource "webhook_registration" "stripe" {
+resource "hookdeck_webhook_registration" "stripe_webhook_registration" {
   provider = hookdeck
 
   register = {
     request = {
       method = "POST"
       url    = "https://api.stripe.com/v1/webhook_endpoints"
       headers = jsonencode({
-        "content-type" = "application/json"
         authorization  = "Bearer <STRIPE_SECRET_KEY>"
       })
-      body = jsonencode({
-        url = hookdeck_source.stripe.url
-        enabled_events = [
-          "charge.failed",
-          "charge.succeeded"
-        ]
-      })
+      body = "url=${hookdeck_source.stripe.url}&enabled_events[]=charge.failed&enabled_events[]=charge.succeeded"
     }
   }
   unregister = {
@@ -139,12 +125,10 @@ resource "webhook_registration" "stripe" {
 
 # Configure source verification
 
-resource "hookdeck_source_verification" "stripe_verification" {
+resource "hookdeck_source_auth" "stripe_source_auth" {
   source_id = hookdeck_source.stripe.id
-  verification = {
-    stripe = {
-      webhook_secret_key = jsondecode(webhook_registration.stripe.register.response).body.secret
-    }
-  }
+  auth = jsonencode({
+    webhook_secret_key = jsondecode(hookdeck_webhook_registration.stripe_webhook_registration.register.response).body.secret
+  })
 }
 ```