Fix issue with google_compute_backend_service IAP client secret @ update (#2978)
<!-- This change is generated by MagicModules. --> /cc @rileykarson
parent
3d43932a49
commit
e5a1c5f997
|
@ -1,7 +1,6 @@
|
|||
package google
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
|
@ -53,12 +52,11 @@ func resourceComputeBackendService() *schema.Resource {
|
|||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
Sensitive: true,
|
||||
DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
|
||||
if old == fmt.Sprintf("%x", sha256.Sum256([]byte(new))) {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
},
|
||||
},
|
||||
"oauth2_client_secret_sha256": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
Sensitive: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -321,7 +319,7 @@ func resourceComputeBackendServiceRead(d *schema.ResourceData, meta interface{})
|
|||
d.Set("self_link", ConvertSelfLinkToV1(service.SelfLink))
|
||||
d.Set("backend", flattenBackends(service.Backends))
|
||||
d.Set("connection_draining_timeout_sec", service.ConnectionDraining.DrainingTimeoutSec)
|
||||
d.Set("iap", flattenIap(service.Iap))
|
||||
d.Set("iap", flattenIap(d, service.Iap))
|
||||
d.Set("project", project)
|
||||
guardedHealthChecks := make([]string, len(service.HealthChecks))
|
||||
for i, v := range service.HealthChecks {
|
||||
|
@ -423,18 +421,17 @@ func expandIap(configured []interface{}) *computeBeta.BackendServiceIAP {
|
|||
}
|
||||
}
|
||||
|
||||
func flattenIap(iap *computeBeta.BackendServiceIAP) []map[string]interface{} {
|
||||
func flattenIap(d *schema.ResourceData, iap *computeBeta.BackendServiceIAP) []map[string]interface{} {
|
||||
result := make([]map[string]interface{}, 0, 1)
|
||||
if iap == nil || !iap.Enabled {
|
||||
return result
|
||||
}
|
||||
|
||||
result = append(result, map[string]interface{}{
|
||||
"oauth2_client_id": iap.Oauth2ClientId,
|
||||
"oauth2_client_secret": iap.Oauth2ClientSecretSha256,
|
||||
return append(result, map[string]interface{}{
|
||||
"oauth2_client_id": iap.Oauth2ClientId,
|
||||
"oauth2_client_secret": d.Get("iap.0.oauth2_client_secret"),
|
||||
"oauth2_client_secret_sha256": iap.Oauth2ClientSecretSha256,
|
||||
})
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
func expandBackends(configured []interface{}) ([]*computeBeta.Backend, error) {
|
||||
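Review bot: Nothing in the new flattenIap compares the value it copies back from state with `d.Get("iap.0.oauth2_client_secret")` against the `Oauth2ClientSecretSha256` the API returns, so a client secret rotated outside Terraform is never surfaced, and a later unrelated update would presumably send the stale value again. Consider hashing the stored secret and recording an empty value when the digests differ, so the next plan shows a diff; this needs the `crypto/sha256` import that the first hunk appears to drop. State also now holds the plaintext secret where the earlier code appears to have stored the hash, and `Sensitive: true` only masks CLI output, so the docs should tell users to encrypt and access-control the state backend. Separately, the result of `d.Set("iap", flattenIap(d, service.Iap))` in resourceComputeBackendServiceRead is unchecked, so a schema mismatch on the new key would fail silently.

```go
func flattenIap(d *schema.ResourceData, iap *computeBeta.BackendServiceIAP) []map[string]interface{} {
	// … unchanged: result allocation and nil / disabled guard …

	// Keep the secret from state only while it still matches the digest the API reports.
	secret, _ := d.Get("iap.0.oauth2_client_secret").(string)
	if fmt.Sprintf("%x", sha256.Sum256([]byte(secret))) != iap.Oauth2ClientSecretSha256 {
		// Mismatch (out-of-band rotation, or import with no prior state): store
		// an empty value so the next plan shows a diff against the configuration.
		secret = ""
	}

	return append(result, map[string]interface{}{
		"oauth2_client_id":            iap.Oauth2ClientId,
		"oauth2_client_secret":        secret,
		"oauth2_client_secret_sha256": iap.Oauth2ClientSecretSha256,
	})
}
```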
|
|
|
@ -111,14 +111,15 @@ func TestAccComputeBackendService_withBackendAndIAP(t *testing.T) {
|
|||
Config: testAccComputeBackendService_withBackendAndIAP(
|
||||
serviceName, igName, itName, checkName, 10),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeBackendServiceExistsWithIAP(
|
||||
"google_compute_backend_service.lipsum", &svc),
|
||||
testAccCheckComputeBackendServiceExistsWithIAP("google_compute_backend_service.lipsum", &svc),
|
||||
resource.TestCheckResourceAttr("google_compute_backend_service.lipsum", "iap.0.oauth2_client_secret", "test"),
|
||||
),
|
||||
},
|
||||
{
|
||||
ResourceName: "google_compute_backend_service.lipsum",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
ResourceName: "google_compute_backend_service.lipsum",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
ImportStateVerifyIgnore: []string{"iap.0.oauth2_client_secret"},
|
||||
},
|
||||
{
|
||||
Config: testAccComputeBackendService_withBackend(
|
||||
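Review bot: The first step of TestAccComputeBackendService_withBackendAndIAP asserts `iap.0.oauth2_client_secret` but never checks the new computed `iap.0.oauth2_client_secret_sha256`, so a regression that leaves the digest empty would still pass. Adding `resource.TestCheckResourceAttrSet("google_compute_backend_service.lipsum", "iap.0.oauth2_client_secret_sha256"),` inside the `ComposeTestCheckFunc` would cover it. The test function continues past the end of this hunk, so a later step may already do this.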
|
|
|
@ -179,12 +179,16 @@ The `iap` block supports:
|
|||
* `oauth2_client_id` - (Required) The client ID for use with OAuth 2.0.
|
||||
|
||||
* `oauth2_client_secret` - (Required) The client secret for use with OAuth 2.0.
|
||||
Out of band changes to this field will not be detected by Terraform, and it may
|
||||
perform spurious no-op updates when imported, or upgraded from pre-`2.0.0`.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
In addition to the arguments listed above, the following computed attributes are
|
||||
exported:
|
||||
|
||||
* `iap.0.oauth2_client_secret_sha256` - The SHA256 hash of the OAuth 2.0 client secret value.
|
||||
|
||||
* `fingerprint` - The fingerprint of the backend service.
|
||||
|
||||
* `self_link` - The URI of the created resource.
|
||||
|
|
|
@ -289,6 +289,14 @@ for more details.
|
|||
|
||||
Use the [`google-beta` provider](#google-beta-provider) to set this field.
|
||||
|
||||
### `iap` may cause spurious updates
|
||||
|
||||
Due to technical limitations around how Terraform can diff fields, you may see a
|
||||
spurious update where the client secret in your config replaces an incorrect
|
||||
value that was recorded in state, the SHA256 hash of the secret's value.
|
||||
|
||||
You may also encounter the same behaviour on import.
|
||||
|
||||
## Resource: `google_compute_disk`
|
||||
|
||||
### `disk_encryption_key_raw` and `disk_encryption_key_sha256` have been removed.
|
||||
|
|