fix!: Change additional user default password #332
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
| @@ -192,7 +192,7 @@ resource "google_sql_user" "additional_users" { | |||
| for_each = local.users | |||
| project = var.project_id | |||
| name = each.value.name | |||
| password = lookup(each.value, "password", random_password.user-password.result) | |||
| password = lookup(each.value, "password", random_password.additional_passwords[each.key].result) | |||
There was a problem hiding this comment.
Can you add a section to the upgrade guide for existing users? I suspect users who already applied can set the value ofrandom_password.user-password.result to var. additional_users to prevent a diff.
https://github.com/terraform-google-modules/terraform-google-sql-db/blob/master/docs/upgrading_to_sql_db_12.0.0.md
There was a problem hiding this comment.
@carash - we'd like this to part of the upcoming release. Let us know if you can update this in the next 24h. Thank you!
There was a problem hiding this comment.
will do, I'll update the PR today along with the updated tests
There was a problem hiding this comment.
I suspect an upgrade guide to prevent a diff might require manipulating the tfstate file directly, is that fine?
There was a problem hiding this comment.
@carash I was thinking since they have already applied it with random_password.user-password.result, they can retrieve output from generated_user_password and use that to construct var. additional_users like
+ data "google_secret_manager_secret_version" "password" {
+ secret_id = "pg-user-pass"
+ project = var.project_id
+ }
...
additional_users = [
{
name = "user1"
+ password = data.google_secret_manager_secret_version.password.secret_data
}
]similar to what did here https://github.com/terraform-google-modules/terraform-google-sql-db/blob/master/docs/upgrading_to_sql_db_11.0.0.md#switched-to-using-random_password-to-generate-default-passwords
There was a problem hiding this comment.
ah I see. that'll do it, thanks
bharathkkb
changed the title
|
Hi @bharathkkb, I'm currently having trouble with the integration testing, I've tried following the instructions in CONTRIBUTING.md, but the InSpec and Kitchen configs just don't seem to be working for me. Any chance of helping me with this? I also noticed that there don't seem to be any files relating to Kitchen and InSpec in this repo. How should I run the integration test locally? |
Co-authored-by: Laura Seidler <[email protected]>
|
@carash - thanks for the upgrade guide, everything looks good. Regarding int. tests, we're not using Kitchen/Inspec anymore instead we have golang based tests that you can find under the More info on this revised test framework can be found here: https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/tree/master/infra/blueprint-test |
|
@carash |
Additional users are currently using the
random_password.user-passwordas its default password instead of using each of their self-generatedrandom_password.additional_passwords