Add basic update for google_kms_crypto_key resource
#1511
Conversation
Prior to this commit, any changes to `rotation_period` would force a new resource as no `Update` was defined for the resource. This commit introduces a basic `Update` through calling the `Patch` service method. It only modifies the `rotation_period`, and `next_rotation_time` at the moment, but this is reflective of what is "allowed" on https://console.cloud.google.com/security/kms.
|
|
||
| log.Printf("[DEBUG] Updated CryptoKey %s", cryptoKey.Name) | ||
|
|
||
| d.SetId(cryptoKeyId.cryptoKeyId()) |
There was a problem hiding this comment.
I don't think this is entirely necessary (?), but I see this being done across various Terraform providers, so I suppose it can add some guarantee.
There was a problem hiding this comment.
Yeah, unless you think it's possible that the Id could change on an update (which in this case, it can't) that doesn't really do anything. I usually don't put it in, but I also don't tell people they have to take it out.
There was a problem hiding this comment.
Thanks @MrSaints! This looks great- just a few comments/questions.
google/resource_kms_crypto_key.go
Outdated
| return err | ||
| } | ||
|
|
||
| key := cloudkms.CryptoKey{Purpose: "ENCRYPT_DECRYPT"} |
There was a problem hiding this comment.
Just curious- since it's a PATCH API, do we actually need to include the purpose here since it isn't changing?
There was a problem hiding this comment.
Good point - removing.
google/resource_kms_crypto_key.go
Outdated
|
|
||
| key := cloudkms.CryptoKey{Purpose: "ENCRYPT_DECRYPT"} | ||
|
|
||
| if d.HasChange("rotation_period") && d.Get("rotation_period") != "" { |
There was a problem hiding this comment.
Hmm, what should the behavior be if someone changes the rotation_period from something to nothing?
There was a problem hiding this comment.
In theory, d.Get("rotation_period") will never be an empty string due to validation.
So if we set rotation_period = "", it will fail validation, but that is the master behaviour. If we remove it completely, this block will not execute, but since we included an update mask, it will use the zero value of the struct, so it will end up setting the rotation period to Never. From my understanding, that would've been the case if it was not defined on Create.
There was a problem hiding this comment.
Oh, you're totally right- I missed the update mask. Thanks!
google/resource_kms_crypto_key.go
Outdated
| cryptoKeyId.cryptoKeyId(), | ||
| &key, | ||
| ). | ||
| UpdateMask("rotation_period,next_rotation_time"). |
There was a problem hiding this comment.
nit: We don't have any line-length limitations here, so we tend to go for the "just put it all on one line" style. If that makes you cringe, maybe just put it on two lines or something like that.
|
|
||
| log.Printf("[DEBUG] Updated CryptoKey %s", cryptoKey.Name) | ||
|
|
||
| d.SetId(cryptoKeyId.cryptoKeyId()) |
There was a problem hiding this comment.
Yeah, unless you think it's possible that the Id could change on an update (which in this case, it can't) that doesn't really do anything. I usually don't put it in, but I also don't tell people they have to take it out.
| @@ -111,6 +112,46 @@ func resourceKmsCryptoKeyCreate(d *schema.ResourceData, meta interface{}) error | |||
| return resourceKmsCryptoKeyRead(d, meta) | |||
| } | |||
|
|
|||
| func resourceKmsCryptoKeyUpdate(d *schema.ResourceData, meta interface{}) error { | |||
There was a problem hiding this comment.
Mind adding a test (or adding a step into an existing test) in resource_kms_crypto_key_test.go that does an update?
We are only patching the `rotation_period`, and `next_rotation_time`, so that value will not be affected.
- Test change in rotation period - Test removal of rotation period
|
Cheers for the CR @danawillow. I've made the relevant changes. |
|
The test looks like it's failing: |
|
@danawillow I'll have a look. Strange that Travis CI is passing. Are those tests executed in Travis CI? |
|
No, Travis just does unit tests. Since the acceptance tests create actual cloud resources, we want to be in a bit more control of when they get run. |
|
Unfortunately, I can't currently run the acceptance tests locally, but I've pushed a quick fix for it. Considering |
|
Thanks, it's passing now! I pushed a quick change to your branch to get rid of the ForceNew line altogether (we usually don't bother setting it to false. I figured this was faster than another round of back-and-forth just for the one thing). Merging now, thanks for the contribution! |
|
Thanks a lot @danawillow! I greatly appreciate it 💯 |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
Prior to this commit, any changes to
rotation_periodwouldforce a new resource as no
Updatewas defined for the resource.This commit introduces a basic
Updatethrough calling thePatchservice method. It only modifies therotation_period,and
next_rotation_timeat the moment, but this is reflectiveof what is "allowed" on https://console.cloud.google.com/security/kms.