Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue with google_compute_backend_service IAP client secret @ update #1337

Merged
merged 2 commits into from
Feb 1, 2019
Merged

Fix issue with google_compute_backend_service IAP client secret @ update #1337

merged 2 commits into from
Feb 1, 2019

Conversation

rileykarson
Copy link
Member

Resolves an issue that some users were encountering tracked off-GitHub.

Terraform theoretically has all the information to diff correctly, but I couldn't get the mechanics of the diff working correctly. I tried to make a CustomizeDiff and tried a few things w/ that, if you'd be interested in taking a crack at it yourself I can explain them + why they didn't work offline (it's a lot of typing to explain here, just grungy state stuff)

The reason we can't use an approach like #1336 is that this field is updatable. We need to preserve the value in state, and can't store a hash because we need to send it back up during updates.

[all]

[terraform]

[terraform-beta]

[ansible]

[inspec]

@modular-magician
Copy link
Collaborator

I am a robot that works on MagicModules PRs!

I built this PR into one or more PRs on other repositories, and when those are closed, this PR will also be merged and closed.
depends: hashicorp/terraform-provider-google-beta#401
depends: hashicorp/terraform-provider-google#2978

nat-henderson
nat-henderson approved these changes Feb 1, 2019
View reviewed changes
Copy link
Contributor

@nat-henderson nat-henderson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This absolutely seems like one way to do it - the value is going to be in logs and in state, right? I think that's certainly the best (could be only?) way to go about it, but I wanted to make sure that users are okay with that.

@rileykarson
Copy link
Member Author

Given how Terraform's state works, the only way to send the field at update time is by recording it. It will be recorded in state and logs, and will not appear at plan time as it's sensitive.

rileykarson and others added 2 commits February 1, 2019 19:02
@rileykarson @modular-magician
Fix issue where google_compute_backend_service's IAP client secret ha…
cfacf0e 
…d wrong value in state.
@modular-magician
Update tracked submodules -> HEAD on Fri Feb 1 19:02:04 UTC 2019
c3d237c 
Tracked submodules are build/terraform-beta build/terraform build/ansible build/inspec.
@modular-magician modular-magician merged commit f77af6e into GoogleCloudPlatform:master Feb 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nat-henderson nat-henderson nat-henderson approved these changes

Assignees
No one assigned
Labels
automerged cla: yes downstream-generated terraform-provider-google terraform-provider-google-beta
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rileykarson @modular-magician @nat-henderson @googlebot