From a332b4dc90220f07922e77774e11fca03eeec517 Mon Sep 17 00:00:00 2001 From: Steph Date: Fri, 24 Sep 2021 17:36:17 +0200 Subject: [PATCH] convert storage account connection string to iothub connection string order --- internal/services/iothub/iothub_resource.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/internal/services/iothub/iothub_resource.go b/internal/services/iothub/iothub_resource.go index 564504d6eff8..9034d041fedb 100644 --- a/internal/services/iothub/iothub_resource.go +++ b/internal/services/iothub/iothub_resource.go @@ -161,13 +161,15 @@ func resourceIotHub() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, DiffSuppressFunc: func(k, old, new string, d *pluginsdk.ResourceData) bool { + // Azure will always mask the Access Keys and the ordering of parameters in connection strings differ: + // DefaultEndpointsProtocol, EndpointSuffix, AccountName, AccountKey [for iothub] + // DefaultEndpointsProtocol, AccountName, AccountKey, EndpointSuffix [for storage account] secretKeyRegex := regexp.MustCompile("(SharedAccessKey|AccountKey)=[^;]+") - sbProtocolRegex := regexp.MustCompile("sb://([^:]+)(:5671)?/;") + splitNew := strings.Split(new, ";") + endpointSuffix := splitNew[len(splitNew)-1] + orderedNew := append([]string{splitNew[0], endpointSuffix}, splitNew[1:len(splitNew)-1]...) + maskedNew := secretKeyRegex.ReplaceAllString(strings.Join(orderedNew, ";"), "$1=****") - // Azure will always mask the Access Keys and will include the port number in the GET response - // 5671 is the default port for Azure Service Bus connections - maskedNew := sbProtocolRegex.ReplaceAllString(new, "sb://$1:5671/;") - maskedNew = secretKeyRegex.ReplaceAllString(maskedNew, "$1=****") return (new == d.Get(k).(string)) && (maskedNew == old) }, Sensitive: true,