Skip to content

Commit 9e3955e

Browse files
akinrossakinross
committed
[ignore] allow modify plan for sensitive values
1 parent 8355994 commit 9e3955e

File tree

3 files changed

+37
-15
lines changed

3 files changed

+37
-15
lines changed

gen/templates/resource.go.tmpl

Lines changed: 17 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -628,7 +628,9 @@ func set{{ .ResourceClassName }}LegacyAttributes(ctx context.Context, diags *dia
628628
{{- end}}
629629
{{- range .LegacyAttributes}}
630630
{{- if isSensitiveAttribute .AttributeName $.Properties }}
631-
data.Deprecated{{.Name}} = staticData.Deprecated{{.Name}}
631+
if !staticData.Deprecated{{.Name}}.IsUnknown() {
632+
data.Deprecated{{.Name}} = staticData.Deprecated{{.Name}}
633+
}
632634
{{- end}}
633635
{{- end}}
634636
{{- range .LegacyAttributes}}
@@ -865,14 +867,17 @@ func (r *{{.ResourceClassName}}Resource) ModifyPlan(ctx context.Context, req res
865867
{{- end}}
866868
{{ if .LegacyAttributes}}{{ $ResourceClassName := .ResourceClassName}}
867869
{{ range .LegacyAttributes}}{{$SetName := .Name}}
868-
{{- if and (ne .ReplacedBy.AttributeName "") (eq (getMigrationType .ValueType) "String") (isNewAttributeStringType .ReplacedBy.AttributeName) (not (isSensitiveAttribute .AttributeName $.Properties))}}
870+
{{- if and (ne .ReplacedBy.AttributeName "") (eq (getMigrationType .ValueType) "String") (isNewAttributeStringType .ReplacedBy.AttributeName) }}
869871
if !configData.Deprecated{{ .Name }}.IsNull() {
870872
{{- if .NeedsCustomType}}
871873
planData.{{ .Name }} = customTypes.{{$ResourceClassName}}{{.Name}}StringValue{StringValue: configData.Deprecated{{ .Name }} }
872874
{{- else}}
873875
planData.{{ .Name }} = configData.Deprecated{{ .Name }}
874876
{{- end}}
877+
}{{ if isSensitiveAttribute .AttributeName $.Properties}} else if !configData.{{ .Name }}.IsNull() {
878+
planData.Deprecated{{ .Name }} = configData.{{ .Name }}
875879
}
880+
{{- end }}
876881
{{- else if and (ne .ReplacedBy.AttributeName "") (eq (getMigrationType .ValueType) "String") }}
877882
{{- range $.Children}}{{$ResourceName := .ResourceName}}
878883
{{- if or (not .IdentifiedBy) .MaxOneClassAllowed}}
@@ -1218,7 +1223,7 @@ func avoid{{.ResourceClassName}}PlanChangeForKnownAfterApplyOnly(ctx context.Con
12181223
{{- end}}
12191224
{{- end}}
12201225
{{- range .LegacyAttributes}}
1221-
{{- if and (ne .ReplacedBy.AttributeName "") (not (isSensitiveAttribute .AttributeName $.Properties)) }}
1226+
{{- if ne .ReplacedBy.AttributeName "" }}
12221227
if configData.Deprecated{{ .Name }}.IsNull() {
12231228
planData.Deprecated{{.Name}} = stateData.Deprecated{{.Name}}
12241229
}
@@ -1453,10 +1458,9 @@ func (r *{{.ResourceClassName}}Resource) Schema(ctx context.Context, req resourc
14531458
{{- if eq (getMigrationType .ValueType) "String"}}
14541459
"{{.AttributeName}}": schema.StringAttribute{
14551460
Optional: true,
1461+
Computed: true,
14561462
{{- if isSensitiveAttribute .AttributeName $.Properties }}
14571463
Sensitive: true,
1458-
{{- else}}
1459-
Computed: true,
14601464
{{- end}}
14611465
DeprecationMessage: "{{getDeprecatedExplanation .AttributeName $ReplacedAttribute}}",
14621466
Validators: []validator.String{
@@ -1619,6 +1623,9 @@ func (r *{{.ResourceClassName}}Resource) Schema(ctx context.Context, req resourc
16191623
{{- if ne .ValueType "password"}}
16201624
Computed: true,
16211625
{{- else}}
1626+
{{- if ne $LegacyAttributeName ""}}
1627+
Computed: true,
1628+
{{- end}}
16221629
Sensitive: true,
16231630
{{- end}}
16241631
{{- end}}
@@ -2070,8 +2077,10 @@ func getAndSet{{.ResourceClassName}}Attributes(ctx context.Context, diags *diag.
20702077
readData.{{.Name}} = {{.PropertyName}}Set
20712078
}
20722079
{{- else if eq .ValueType "password"}}
2073-
// Sensitive attributes are not returned by the APIC, so they are explicitly set to their current state values.
2074-
readData.{{.Name}} = data.{{.Name}}
2080+
// Sensitive attributes are not returned by the APIC, so they are explicitly set to their current state values.
2081+
if !data.{{.Name}}.IsUnknown() {
2082+
readData.{{.Name}} = data.{{.Name}}
2083+
}
20752084
{{- else}}
20762085
{{- if containsNoneAttributeValue .ValidValues}}
20772086
if attributeName == "{{.PropertyName}}" && attributeValue.(string) == "" {
@@ -2514,9 +2523,7 @@ func get{{.ResourceClassName}}CreateJsonPayload(ctx context.Context, diags *diag
25142523
{{- else}}
25152524
if !data.{{- if eq .Name "Id"}}{{.ResourceClassName}}{{ .Name }}{{- else}}{{.Name}}{{- end}}.IsNull() && !data.{{- if eq .Name "Id"}}{{.ResourceClassName}}{{ .Name }}{{- else}}{{.Name}}{{- end}}.IsUnknown(){
25162525
payloadMap["attributes"].(map[string]string)["{{ .PropertyName }}"] = data.{{- if eq .Name "Id"}}{{.ResourceClassName}}{{ .Name }}{{- else}}{{.Name}}{{- end}}.ValueString()
2517-
}{{if and (eq .ValueType "password") (isLegacyAttribute .Name $.LegacyAttributes)}} else if !data.Deprecated{{ .Name }}.IsNull() && !data.Deprecated{{ .Name }}.IsUnknown(){
2518-
payloadMap["attributes"].(map[string]string)["{{ .PropertyName }}"] = data.Deprecated{{ .Name }}.ValueString()
2519-
}{{- end}}
2526+
}
25202527
{{- end}}
25212528
{{- end}}{{- end}}
25222529
{{- if .MultiParentFormats }}

internal/provider/resource_aci_key_ring.go

Lines changed: 3 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

internal/provider/resource_aci_vmm_credential.go

Lines changed: 17 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)