Marked Runtime config fields as sensitive (#4234) (#7808)

* added marked field as sensitive Co-authored-by: upodroid <[email protected]> * clean up deadcode Co-authored-by: upodroid <[email protected]> Signed-off-by: Modular Magician <[email protected]> Co-authored-by: upodroid <[email protected]>
hashicorp · Nov 13, 2020 · 1ace75e · 1ace75e
1 parent c18c541
commit 1ace75e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 75 deletions.
diff --git a/.changelog/4234.txt b/.changelog/4234.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+runtimeconfig: marked value and text fields in `google_runtimeconfig_variable` resource as sensitive 
+```
diff --git a/google/resource_runtimeconfig_variable.go b/google/resource_runtimeconfig_variable.go
@@ -43,15 +43,17 @@ func resourceRuntimeconfigVariable() *schema.Resource {
 			},
 
 			"value": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				ConflictsWith: []string{"text"},
+				Type:         schema.TypeString,
+				Optional:     true,
+				Sensitive:    true,
+				ExactlyOneOf: []string{"text", "value"},
 			},
 
 			"text": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				ConflictsWith: []string{"value"},
+				Type:         schema.TypeString,
+				Optional:     true,
+				Sensitive:    true,
+				ExactlyOneOf: []string{"text", "value"},
 			},
 
 			"update_time": {
@@ -188,13 +190,9 @@ func resourceRuntimeconfigVariableParseFullName(fullName string) (project, confi
 // newRuntimeconfigVariableFromResourceData builds a new runtimeconfig.Variable struct from the data stored in a
 // schema.ResourceData. Also returns the full name of the parent. Returns nil, "", err upon error.
 func newRuntimeconfigVariableFromResourceData(d *schema.ResourceData, project string) (variable *runtimeconfig.Variable, parent string, err error) {
-	// Validate that both text and value are not set
-	text, textSet := d.GetOk("text")
-	value, valueSet := d.GetOk("value")
 
-	if !textSet && !valueSet {
-		return nil, "", fmt.Errorf("You must specify one of value or text.")
-	}
+	text := d.Get("text")
+	value := d.Get("value")
 
 	// TODO(selmanj) here we assume it's a simple name, not a full name. Should probably support full name as well
 	parent = d.Get("parent").(string)
@@ -206,7 +204,7 @@ func newRuntimeconfigVariableFromResourceData(d *schema.ResourceData, project st
 		Name: fullName,
 	}
 
-	if textSet {
+	if text != "" {
 		variable.Text = text.(string)
 	} else {
 		variable.Value = value.(string)

diff --git a/google/resource_runtimeconfig_variable_test.go b/google/resource_runtimeconfig_variable_test.go
@@ -2,13 +2,12 @@ package google
 
 import (
 	"fmt"
-	"regexp"
 	"testing"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
-	"google.golang.org/api/runtimeconfig/v1beta1"
+	runtimeconfig "google.golang.org/api/runtimeconfig/v1beta1"
 )
 
 func TestAccRuntimeconfigVariable_basic(t *testing.T) {
@@ -107,38 +106,6 @@ func TestAccRuntimeconfigVariable_basicValue(t *testing.T) {
 	})
 }
 
-func TestAccRuntimeconfigVariable_errorsOnBothValueAndText(t *testing.T) {
-	// Unit test, no HTTP interactions
-	skipIfVcr(t)
-	t.Parallel()
-
-	vcrTest(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProviders,
-		Steps: []resource.TestStep{
-			{
-				Config:      testAccRuntimeconfigVariable_invalidBothTextValue(randString(t, 10)),
-				ExpectError: regexp.MustCompile("conflicts with"),
-			},
-		},
-	})
-}
-
-func TestAccRuntimeconfigVariable_errorsOnMissingValueAndText(t *testing.T) {
-	t.Parallel()
-
-	vcrTest(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProviders,
-		Steps: []resource.TestStep{
-			{
-				Config:      testAccRuntimeconfigVariable_invalidMissingTextValue(randString(t, 10)),
-				ExpectError: regexp.MustCompile("You must specify one of value or text"),
-			},
-		},
-	})
-}
-
 func testAccCheckRuntimeconfigVariableExists(t *testing.T, resourceName string, variable *runtimeconfig.Variable) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[resourceName]
@@ -268,31 +235,3 @@ resource "google_runtimeconfig_variable" "foobar" {
 }
 `, suffix, name, value)
 }
-
-func testAccRuntimeconfigVariable_invalidBothTextValue(suffix string) string {
-	return fmt.Sprintf(`
-resource "google_runtimeconfig_config" "foobar" {
-  name = "some-config-%s"
-}
-
-resource "google_runtimeconfig_variable" "foobar" {
-  parent = google_runtimeconfig_config.foobar.name
-  name   = "%s"
-  text   = "here's my value"
-  value  = "Zm9vYmFyCg=="
-}
-`, suffix, suffix)
-}
-
-func testAccRuntimeconfigVariable_invalidMissingTextValue(suffix string) string {
-	return fmt.Sprintf(`
-resource "google_runtimeconfig_config" "foobar" {
-  name = "some-config-%s"
-}
-
-resource "google_runtimeconfig_variable" "foobar" {
-  parent = google_runtimeconfig_config.foobar.name
-  name   = "my-variable-namespace/%s"
-}
-`, suffix, suffix)
-}