From ef10e3212094195af17456455d0dea87d00408f1 Mon Sep 17 00:00:00 2001 From: Yuri Astrakhan Date: Wed, 4 Jul 2018 16:43:23 -0400 Subject: [PATCH 1/2] Update compute_ssl_certificate.html.markdown It was very confusing for `name_prefix` to be deprecated and undeprecated later. Adding an example of using random_id in addition to name_prefix --- .../r/compute_ssl_certificate.html.markdown | 28 +++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/website/docs/r/compute_ssl_certificate.html.markdown b/website/docs/r/compute_ssl_certificate.html.markdown index 3fa528ff..6846a346 100644 --- a/website/docs/r/compute_ssl_certificate.html.markdown +++ b/website/docs/r/compute_ssl_certificate.html.markdown @@ -22,6 +22,29 @@ resource "google_compute_ssl_certificate" "default" { description = "a description" private_key = "${file("path/to/private.key")}" certificate = "${file("path/to/certificate.crt")}" + + lifecycle { + create_before_destroy = true + } +} + +# You may also want to control name generation explicitly: + +resource "random_id" "certificate" { + byte_length = 4 + prefix = "my-certificate-" +} + +resource "google_compute_ssl_certificate" "default" { + # The name will contain 8 random hex digits, + # e.g. "my-certificate-48ab27cd2a" + name = "${random_id.certificate.hex}" + private_key = "${file("path/to/private.key")}" + certificate = "${file("path/to/certificate.crt")}" + + lifecycle { + create_before_destroy = true + } } ``` @@ -32,8 +55,8 @@ specified configuration, Terraform will destroy the existing resource and create a replacement. To effectively use an SSL certificate resource with a [Target HTTPS Proxy resource][1], it's recommended to specify `create_before_destroy` in a [lifecycle][2] block. Either omit the -Instance Template `name` attribute, or specify a partial name with -`name_prefix`. Example: +Instance Template `name` attribute, specify a partial name with +`name_prefix`, or use [random_id][3] resource. Example: ```hcl resource "google_compute_ssl_certificate" "default" { @@ -90,6 +113,7 @@ exported: [1]: /docs/providers/google/r/compute_target_https_proxy.html [2]: /docs/configuration/resources.html#lifecycle +[3]: /docs/providers/random/r/id.html ## Import From 0df88d300e8bd653b00a8f1e8267a8de0191f83e Mon Sep 17 00:00:00 2001 From: Yuri Astrakhan Date: Fri, 6 Jul 2018 22:48:21 -0400 Subject: [PATCH 2/2] fix random keepers --- website/docs/r/compute_ssl_certificate.html.markdown | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/website/docs/r/compute_ssl_certificate.html.markdown b/website/docs/r/compute_ssl_certificate.html.markdown index 6846a346..0f3ee490 100644 --- a/website/docs/r/compute_ssl_certificate.html.markdown +++ b/website/docs/r/compute_ssl_certificate.html.markdown @@ -33,6 +33,12 @@ resource "google_compute_ssl_certificate" "default" { resource "random_id" "certificate" { byte_length = 4 prefix = "my-certificate-" + + # For security, do not expose raw certificate values in the output + keepers { + private_key = "${base64sha256(file("path/to/private.key"))}" + certificate = "${base64sha256(file("path/to/certificate.crt"))}" + } } resource "google_compute_ssl_certificate" "default" {