Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Terraform] Store SHA 256 of certificate SSL private keys #1336

Merged
merged 3 commits into from
Feb 1, 2019

Conversation

paddycarver
Copy link
Contributor

Rather than storing the private key in cleartext, this PR changes compute_certificates to store the SSL private key's SHA256 sum, and uses a diffsuppress to ensure that we still get changes when the private key changes.


[all]

[terraform]

SHA256 encode compute_certificate's private keys

[terraform-beta]

[ansible]

[inspec]

@paddycarver
Copy link
Contributor Author

This should resolve hashicorp/terraform-provider-google#927. Tests pass locally.

@modular-magician
Copy link
Collaborator

I am a robot that works on MagicModules PRs!

I built this PR into one or more PRs on other repositories, and when those are closed, this PR will also be merged and closed.
depends: hashicorp/terraform-provider-google-beta#400
depends: hashicorp/terraform-provider-google#2976

@modular-magician
Copy link
Collaborator

I am a robot that works on MagicModules PRs!
I checked the downstream repositories (see README.md for which ones I can write to), and none of them seem to have any changes.

Once this PR is approved, you can feel free to merge it without taking any further steps.

This updates the SSL certificate keys property to use a custom flatten
function, setting it to a hashed value of the key. It also adds a
diffSuppressFunc to check the config against the hash.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants