Add managed SSL cert to beta. #1420
Conversation
There was a problem hiding this comment.
It's probably worth getting @SirGitsalot's opinion on the API deviation. Assuming the test passes, LGTM
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesNo diff detected in terraform-provider-google. New Pull RequestsI built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed. |
LGTM |
|
Oops wrong button |
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed. |
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
|
It looks like we're blocked on a fix to magic modules that will automatically close the no-op ansible PR. @rambleraptor has said he's on it. :) If we're coming up on the next terraform release and this still isn't in, I'll just push the button to submit 'em. This will be in the next release. |
|
Merged TF downstreams but leaving this PR open, since we're not quite there on Ansible yet. |
|
Ansible does not yet support beta resources. I’ve got to talk with the
Ansible folks to understand a path forward for that. It hasn’t been a huge
priority yet.
…On Mon, Feb 25, 2019 at 1:46 PM Nathan McKinley ***@***.***> wrote:
Merged, since we're not quite there on Ansible yet.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1420 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABQ65nmsOCI_IxUM-B4bEeIabI71R4H9ks5vRFm_gaJpZM4bGaZp>
.
|
|
Oh, that's no problem - the issue is that the Ansible generator is still adding files to Ansible downstream even though they should be excluded. |
|
Oh got it. Now that this is merged in, it should be a lot easier to
diagnose what’s going on.
If there’s spurious files, it’s not the end of the world for the moment.
I’ll make sure they don’t go upstream.
…On Mon, Feb 25, 2019 at 2:02 PM Nathan McKinley ***@***.***> wrote:
Oh, that's no problem - the issue is that the Ansible generator is still
adding files to Ansible downstream even though they should be excluded.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1420 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABQ65k-jNtZsQGiQrloMEdpFuLTiHGENks5vRF2KgaJpZM4bGaZp>
.
|
|
Hm, does that mean I should merge the ansible change? I can do that, if it would help - I haven't done that yet. |
|
hi guys :) can we push this feature , i really need it , if you need help no problem ;) |
|
If you're looking for support in Terraform, this is available in version |
Tracked submodules are build/terraform-beta build/terraform build/ansible build/inspec.
modular-magician
force-pushed
the
sslCerts
branch
from
27161ad to
81411f6
Compare
All right!
This is an interesting one. SSL certs and Managed SSL Certs are the same resource type in GCP, so this is the first time that we have had two resources that point to the same endpoints.
We think this is the right move. Here's the API object for SSL certs in v1:
and beta:
You can see that the beta object contains the v1 object as a subset - and that code which operates with the v1 object is interoperable with the beta object, even though the beta object also contains a separate system for distinguishing managed and unmanaged ssl certificates.
We decided that this is confusing, unnecessarily so, and that the right move here is to treat managed and unmanaged ssl certs as different objects which share an api endpoint. We believe this is safe, because according to the deprecation policy, as long as compute continues to support v1, the original api will be usable. This has some side effects - technically, for instance, you could import a managed certificate as a self-managed one, if you wanted to - but they are negligible.
This resource needs to be handled with extreme caution. The setup steps for this resource are complex - and may include out of band changes to DNS host servers. I have drafted a cautionary statement for the docs, but would appreciate additional help in conveying the issue.
[all]
[terraform]
Changes ancillary to adding managed SSL certs.
[terraform-beta]
Add managed SSL certs to beta.
[ansible]
[inspec]