Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Marked Runtime config fields as sensitive #7808

Merged
merged 1 commit into from
Nov 13, 2020
Merged

Marked Runtime config fields as sensitive #7808

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/4234.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
runtimeconfig: marked value and text fields in `google_runtimeconfig_variable` resource as sensitive
```
24 changes: 11 additions & 13 deletions google/resource_runtimeconfig_variable.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,17 @@ func resourceRuntimeconfigVariable() *schema.Resource {
},

"value": {
Type: schema.TypeString,
Optional: true,
ConflictsWith: []string{"text"},
Type: schema.TypeString,
Optional: true,
Sensitive: true,
ExactlyOneOf: []string{"text", "value"},
},

"text": {
Type: schema.TypeString,
Optional: true,
ConflictsWith: []string{"value"},
Type: schema.TypeString,
Optional: true,
Sensitive: true,
ExactlyOneOf: []string{"text", "value"},
},

"update_time": {
Expand Down Expand Up @@ -188,13 +190,9 @@ func resourceRuntimeconfigVariableParseFullName(fullName string) (project, confi
// newRuntimeconfigVariableFromResourceData builds a new runtimeconfig.Variable struct from the data stored in a
// schema.ResourceData. Also returns the full name of the parent. Returns nil, "", err upon error.
func newRuntimeconfigVariableFromResourceData(d *schema.ResourceData, project string) (variable *runtimeconfig.Variable, parent string, err error) {
// Validate that both text and value are not set
text, textSet := d.GetOk("text")
value, valueSet := d.GetOk("value")

if !textSet && !valueSet {
return nil, "", fmt.Errorf("You must specify one of value or text.")
}
text := d.Get("text")
value := d.Get("value")

// TODO(selmanj) here we assume it's a simple name, not a full name. Should probably support full name as well
parent = d.Get("parent").(string)
Expand All @@ -206,7 +204,7 @@ func newRuntimeconfigVariableFromResourceData(d *schema.ResourceData, project st
Name: fullName,
}

if textSet {
if text != "" {
variable.Text = text.(string)
} else {
variable.Value = value.(string)
Expand Down
63 changes: 1 addition & 62 deletions google/resource_runtimeconfig_variable_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,12 @@ package google

import (
"fmt"
"regexp"
"testing"
"time"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
"google.golang.org/api/runtimeconfig/v1beta1"
runtimeconfig "google.golang.org/api/runtimeconfig/v1beta1"
)

func TestAccRuntimeconfigVariable_basic(t *testing.T) {
Expand Down Expand Up @@ -107,38 +106,6 @@ func TestAccRuntimeconfigVariable_basicValue(t *testing.T) {
})
}

func TestAccRuntimeconfigVariable_errorsOnBothValueAndText(t *testing.T) {
// Unit test, no HTTP interactions
skipIfVcr(t)
t.Parallel()

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccRuntimeconfigVariable_invalidBothTextValue(randString(t, 10)),
ExpectError: regexp.MustCompile("conflicts with"),
},
},
})
}

func TestAccRuntimeconfigVariable_errorsOnMissingValueAndText(t *testing.T) {
t.Parallel()

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccRuntimeconfigVariable_invalidMissingTextValue(randString(t, 10)),
ExpectError: regexp.MustCompile("You must specify one of value or text"),
},
},
})
}

func testAccCheckRuntimeconfigVariableExists(t *testing.T, resourceName string, variable *runtimeconfig.Variable) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[resourceName]
Expand Down Expand Up @@ -268,31 +235,3 @@ resource "google_runtimeconfig_variable" "foobar" {
}
`, suffix, name, value)
}

func testAccRuntimeconfigVariable_invalidBothTextValue(suffix string) string {
return fmt.Sprintf(`
resource "google_runtimeconfig_config" "foobar" {
name = "some-config-%s"
}

resource "google_runtimeconfig_variable" "foobar" {
parent = google_runtimeconfig_config.foobar.name
name = "%s"
text = "here's my value"
value = "Zm9vYmFyCg=="
}
`, suffix, suffix)
}

func testAccRuntimeconfigVariable_invalidMissingTextValue(suffix string) string {
return fmt.Sprintf(`
resource "google_runtimeconfig_config" "foobar" {
name = "some-config-%s"
}

resource "google_runtimeconfig_variable" "foobar" {
parent = google_runtimeconfig_config.foobar.name
name = "my-variable-namespace/%s"
}
`, suffix, suffix)
}