This repository has been archived by the owner on Oct 9, 2020. It is now read-only.

fix(gcp): Avoid updating resource on second terraform apply #4

Closed
afiune opened this issue Jul 16, 2020 · 0 comments · Fixed by #10

afiune commented Jul 16, 2020

When you run terraform apply after creating the resource, we are trying to update the
private_key when it is sensitive and will always be different. We should avoid updating the
resource:

```
 # module.gcp_project_audit_log.lacework_integration_gcp_at.default will be updated in-place
  ~ resource "lacework_integration_gcp_at" "default" {
        created_or_updated_by   = "afiune@lacework.net"
        created_or_updated_time = "2020-Jul-16 15:34:02 UTC"
        enabled                 = true
        id                      = "TECHALLY_1234"
        intg_guid               = "TECHALLY_1234"
        name                    = "TF audit_log"
        org_level               = false
        resource_id             = "demo"
        resource_level          = "PROJECT"
        subscription            = "projects/demo/subscriptions/lw-at-demo-lacework-subscription"
        type_name               = "GCP_AT_SES"

      ~ credentials {
            client_email   = "lw-at-svc-account@demo.iam.gserviceaccount.com"
            client_id      = "1234"
          + private_key    = (sensitive value)
            private_key_id = "abcd"
        }
    }
```

afiune added a commit that referenced this issue Jul 23, 2020
When you run terraform apply after creating a gcp resource, we were
trying to update the `private_key` when it is a sensitive element and
the Lacework server, for security reasons, doesn't return that secret,
which means that the resource was always different.

We are adding a suppression to avoid updating the resource.

Closes #4

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
@afiune afiune added the bug label Jul 23, 2020
dmurray-lacework pushed a commit to lacework/terraform-provider-lacework that referenced this issue May 27, 2021
When you run terraform apply after creating a gcp resource, we were
trying to update the `private_key` when it is a sensitive element and
the Lacework server, for security reasons, doesn't return that secret,
which means that the resource was always different.

We are adding a suppression to avoid updating the resource.

Closes hashicorp/terraform-provider-lacework#4

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
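
The behaviour described in the commit message, sketched as an added example that is not the provider's own code: a standard-library Go model of a diff-suppression hook for a secret the API never returns. The type `Attrs`, the functions `suppressPrivateKeyDiff` and `planDiff`, the key values, and the rule of suppressing only while the non-secret credential fields are unchanged are all assumptions of this example.

```go
package main

import "fmt"

// Attrs is a flat view of the credentials block (hypothetical type for this example).
type Attrs map[string]string

// Fixed attribute order so the reported diff is deterministic.
var credentialKeys = []string{"client_email", "client_id", "private_key", "private_key_id"}

// suppressPrivateKeyDiff mimics a provider diff-suppression hook for a
// write-only secret. Assumption of this example: the diff is hidden only
// while the server-side value is unreadable (empty in state) and the
// non-secret attributes that identify the key are unchanged.
func suppressPrivateKeyDiff(key string, state, config Attrs) bool {
	if key != "private_key" || state["private_key"] != "" {
		return false
	}
	for _, k := range []string{"client_email", "client_id", "private_key_id"} {
		if state[k] != config[k] {
			return false // key material was rotated: let the update through
		}
	}
	return true
}

// planDiff lists the attributes a plan would report as changed.
func planDiff(state, config Attrs, suppress bool) []string {
	changed := []string{}
	for _, k := range credentialKeys {
		if state[k] == config[k] || (suppress && suppressPrivateKeyDiff(k, state, config)) {
			continue
		}
		changed = append(changed, k)
	}
	return changed
}

func main() {
	// Constructed values modelled on the plan output in the issue.
	config := Attrs{"client_email": "lw-at-svc-account@demo.iam.gserviceaccount.com",
		"client_id": "1234", "private_key": "PLACEHOLDER-KEY", "private_key_id": "abcd"}
	// State after a refresh: the API omits private_key.
	state := Attrs{"client_email": config["client_email"], "client_id": "1234", "private_key_id": "abcd"}

	fmt.Println(planDiff(state, config, false)) // perpetual diff on private_key
	fmt.Println(planDiff(state, config, true))  // clean second apply
	config["private_key"], config["private_key_id"] = "PLACEHOLDER-KEY-2", "efgh"
	fmt.Println(planDiff(state, config, true)) // rotation still detected
}
```

With this rule, a `private_key` replaced in configuration without a matching change to `private_key_id`, `client_id` or `client_email` is also suppressed, so rotation procedures should change the key ID together with the key.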