Merge pull request #473 from alexkappa/fix-action-secrets

Don't read back secrets as they are write-only
alexkappa · Nov 23, 2021 · 4aa5534 · 4aa5534
2 parents 1bf9bfd + e6577e3
commit 4aa5534
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 13 deletions.
diff --git a/.gitignore b/.gitignore
@@ -37,5 +37,4 @@ override.tf.json
 # VSCode ###
 .vscode/*
 !.vscode/tasks.json
-!.vscode/launch.json
 *.code-workspace
diff --git a/auth0/resource_auth0_action.go b/auth0/resource_auth0_action.go
@@ -164,7 +164,6 @@ func readAction(d *schema.ResourceData, m interface{}) error {
 	d.Set("code", a.Code)
 	d.Set("dependencies", flattenActionDependencies(a.Dependencies))
 	d.Set("runtime", a.Runtime)
-	d.Set("secrets", flattenActionSecrets(a.Secrets))
 
 	if a.DeployedVersion != nil {
 		d.Set("version_id", a.DeployedVersion.GetID())
@@ -257,17 +256,12 @@ func expandAction(d *schema.ResourceData) *management.Action {
 		})
 	})
 
-	if d.IsNewResource() || d.HasChange("secrets") {
-
-		a.Secrets = make([]*management.ActionSecret, 0, Set(d, "secrets").Len())
-
-		Set(d, "secrets").Elem(func(d ResourceData) {
-			a.Secrets = append(a.Secrets, &management.ActionSecret{
-				Name:  String(d, "name"),
-				Value: String(d, "value"),
-			})
+	Set(d, "secrets").Elem(func(d ResourceData) {
+		a.Secrets = append(a.Secrets, &management.ActionSecret{
+			Name:  String(d, "name"),
+			Value: String(d, "value"),
 		})
-	}
+	})
 
 	return a
 }

diff --git a/auth0/resource_auth0_action_test.go b/auth0/resource_auth0_action_test.go
@@ -22,6 +22,7 @@ func TestAccAction(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					random.TestCheckResourceAttr("auth0_action.my_action", "name", "Test Action {{.random}}", rand),
 					resource.TestCheckResourceAttr("auth0_action.my_action", "code", "exports.onExecutePostLogin = async (event, api) => {};"),
+					resource.TestCheckResourceAttr("auth0_action.my_action", "secrets.#", "1"),
 				),
 			},
 			{
@@ -30,13 +31,15 @@ func TestAccAction(t *testing.T) {
 					random.TestCheckResourceAttr("auth0_action.my_action", "name", "Test Action {{.random}}", rand),
 					resource.TestCheckResourceAttr("auth0_action.my_action", "code", "exports.onContinuePostLogin = async (event, api) => {};"),
 					resource.TestCheckResourceAttrSet("auth0_action.my_action", "version_id"),
+					resource.TestCheckResourceAttr("auth0_action.my_action", "secrets.#", "1"),
 				),
 			},
 			{
 				Config: random.Template(testAccActionConfigUpdateAgain, rand),
 				Check: resource.ComposeTestCheckFunc(
 					random.TestCheckResourceAttr("auth0_action.my_action", "name", "Test Action {{.random}}", rand),
 					resource.TestCheckResourceAttrSet("auth0_action.my_action", "version_id"),
+					resource.TestCheckResourceAttr("auth0_action.my_action", "secrets.#", "0"),
 				),
 			},
 		},
@@ -51,6 +54,10 @@ resource auth0_action my_action {
 		id = "post-login"
 		version = "v2"
 	}
+	secrets {
+		name = "foo"
+		value = "123"
+	}
 	code = "exports.onExecutePostLogin = async (event, api) => {};"
 }
 `
@@ -63,6 +70,10 @@ resource auth0_action my_action {
 		id = "post-login"
 		version = "v2"
 	}
+	secrets {
+		name = "foo"
+		value = "123456"
+	}
 	code = "exports.onContinuePostLogin = async (event, api) => {};"
 	deploy = true
 }

diff --git a/docs/resources/action.md b/docs/resources/action.md
@@ -75,8 +75,12 @@ exported:
 
 ## Import
 
-An action can be imported using the , e.g.
+An action can be imported using the action's ID, e.g. 
 
 ```
 $ terraform import auth0_action.example ...
 ```
+
+~> For security reasons importing `secrets` is not allowed. Therefore it is
+advised to import the action without secrets and adding them back after the 
+action has been imported.