resource/aws_sns_platform_application: Remove hashing StateFunc on platform credential and principal #3894
Conversation
rhodrid
changed the title
bflad
added
bug
|
Hi @rhodrid 👋 Hmmm. We'll likely need a different way to handle this as this PR will currently be a breaking change for anyone who is currently using the resource. |
|
Howdy 🖖I couldn't see another way to do it... but then I'm not very familiar with the code base. |
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
fd11954
to
724d23b
Compare
|
There is a follow-on failure that I didn't notice when I first reported the issue - the API call will fail because only the change gets sent to the SNS API endpoint. My "solution" to this is to delete the resource and re-create it. It's not a problem for me at the moment as the resource is not customer facing at this stage of its life but it's a less than ideal way of dealing with it. Is there anyway to force sending both PlatformPrincipal & PlatformCredential? |
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
724d23b
to
9ae05d4
Compare
ghost
added
size/XS
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
a497a5b
to
2035e91
Compare
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
2035e91
to
0c01252
Compare
|
I've updated the PR so if platform_principal changes then platform_credential will be added to the request payload. As it stands this PR fixes the issues I was experiencing with this resource. |
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
0c01252
to
96533c9
Compare
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
96533c9
to
b7d3625
Compare
ghost
added
size/XS
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
b7d3625
to
fb3faa1
Compare
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
2 times, most recently
from
b15b71a
to
360e7e1
Compare
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
360e7e1
to
95a9462
Compare
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
95a9462
to
74c8097
Compare
When a APNS certificate is renewed and the private key remains the same the new certificate is detected and an attempt is made to update the SNS platform application. This fails because the hashed value for private key (platform credential) is sent along with the new certificate (platform principal) causing the AWS API to reject the request.
rhodrid
force-pushed
the
rd-fix-new-apns-cert
branch
from
74c8097
to
3dd4c79
Compare
…nd platform_princial hash removal Reference: #3894 Reference: #9951 Reference: #12085 Reference: #13406 This also attempts to prevent the SetPlatformApplicationAttributes API call if no API updates need to occur. While we are in the midst of breaking changes and since this resource cannot be acceptance tested by the HashiCorp maintainers, this also fixes some other technical debt issues.
|
Thanks so much for this, @rhodrid, its now been pulled in as part of our version 3.0.0. 👍 |
|
This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
When a APNS certificate is renewed and the private key remains the same the new certificate is detected and an attempt is made to update the SNS platform application. This fails because the hashed value for private key (platform credential) is sent along with the new certificate (platform principal) causing the AWS API to reject the request.