Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug Fix: Webhook secret stored incorrectly in state #251

Merged
merged 2 commits into from
Jul 15, 2019
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions github/resource_github_organization_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,11 @@ func resourceGithubOrganizationWebhookCreate(d *schema.ResourceData, meta interf
}
d.SetId(strconv.FormatInt(*hook.ID, 10))

if hook.Config["secret"] != nil {
hook.Config["secret"] = webhookObj.Config["secret"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming the GitHub API doesn't return the secret, so we have to set it based on what's in the ResourceData? If so, can we add a comment saying as much, just to explain why we have to do this?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, what does hook.Config get set to, if not nil? That looks like the GitHub response, but what does it actually get set to?

}
d.Set("configuration", []interface{}{hook.Config})

return resourceGithubOrganizationWebhookRead(d, meta)
}

Expand Down Expand Up @@ -134,6 +139,15 @@ func resourceGithubOrganizationWebhookRead(d *schema.ResourceData, meta interfac
d.Set("url", hook.URL)
d.Set("active", hook.Active)
d.Set("events", hook.Events)

if len(d.Get("configuration").([]interface{})) > 0 {
currentSecret := d.Get("configuration").([]interface{})[0].(map[string]interface{})["secret"]

if hook.Config["secret"] != nil {
hook.Config["secret"] = currentSecret
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Likewise, a comment here just explaining the situation would be 💯

}
}

d.Set("configuration", []interface{}{hook.Config})

return nil
Expand Down
14 changes: 14 additions & 0 deletions github/resource_github_repository_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,11 @@ func resourceGithubRepositoryWebhookCreate(d *schema.ResourceData, meta interfac
}
d.SetId(strconv.FormatInt(*hook.ID, 10))

if hook.Config["secret"] != nil {
hook.Config["secret"] = hk.Config["secret"]
}
d.Set("configuration", []interface{}{hook.Config})

return resourceGithubRepositoryWebhookRead(d, meta)
}

Expand Down Expand Up @@ -152,6 +157,15 @@ func resourceGithubRepositoryWebhookRead(d *schema.ResourceData, meta interface{
d.Set("url", hook.URL)
d.Set("active", hook.Active)
d.Set("events", hook.Events)

if len(d.Get("configuration").([]interface{})) > 0 {
currentSecret := d.Get("configuration").([]interface{})[0].(map[string]interface{})["secret"]

if hook.Config["secret"] != nil {
hook.Config["secret"] = currentSecret
}
}

d.Set("configuration", []interface{}{hook.Config})

return nil
Expand Down
9 changes: 5 additions & 4 deletions github/resource_github_repository_webhook_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,10 +119,11 @@ func TestAccGithubRepositoryWebhook_importSecret(t *testing.T) {
Config: testAccGithubRepositoryWebhookConfig_secret(randString),
},
{
ResourceName: "github_repository_webhook.foo",
ImportState: true,
ImportStateVerify: true,
ImportStateIdPrefix: fmt.Sprintf("foo-%s/", randString),
ResourceName: "github_repository_webhook.foo",
ImportState: true,
ImportStateVerify: true,
ImportStateIdPrefix: fmt.Sprintf("foo-%s/", randString),
ImportStateVerifyIgnore: []string{"configuration.0.secret"}, // github does not allow a read of the actual secret
},
},
})
Expand Down
9 changes: 0 additions & 9 deletions github/schema_webhook_configuration.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,6 @@ func webhookConfigurationSchema() *schema.Schema {
Type: schema.TypeString,
Optional: true,
Sensitive: true,
DiffSuppressFunc: func(k, oldV, newV string, d *schema.ResourceData) bool {
// Undocumented GitHub feature where API returns 8 asterisks in place of the secret
maskedSecret := "********"
if oldV == maskedSecret {
return true
}

return oldV == newV
},
},
"insecure_ssl": {
Type: schema.TypeString,
Expand Down
2 changes: 2 additions & 0 deletions website/docs/r/repository_webhook.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,5 @@ Importing uses the name of the repository, as well as the ID of the webhook, e.g
```
$ terraform import github_repository_webhook.terraform terraform/11235813
```

If secret is populated in the webhook's configuration, the value will be imported as "********".