Persist private key for ddcloud_ssl_domain_certificate in state data.

Otherwise, Terraform either supplies an incorrect value to the provider (which causes creation to fail) or always sees the key as having changed (which causes a destroy-and-recreate of the resource). #110
DimensionDataResearch · Mar 15, 2018 · 97a44fc · 97a44fc
1 parent 1467f3d
commit 97a44fc
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 8 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,5 +1,10 @@
 # Changes
 
+# 1.3.4
+
+* Persist private key for `ddcloud_ssl_domain_certificate` in state data.  
+  Otherwise, Terraform either supplies an incorrect value to the provider (which causes creation to fail) or always sees the key as having changed (which causes a destroy-and-recreate of the resource).
+
 # 1.3.3
 
 * Bug-fix: `ssl_offload_profile` property is not being persisted by `ddcloud_virtual_listener` (DimensionDataResearch/dd-cloud-compute-terraform#110).

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 PROVIDER_NAME = ddcloud
 
-VERSION = 1.3.3
+VERSION = 1.3.4-alpha1
 VERSION_INFO_FILE = ./$(PROVIDER_NAME)/version-info.go
 
 BIN_DIRECTORY   = _bin

diff --git a/ddcloud/resource_ssl_domain_certificate.go b/ddcloud/resource_ssl_domain_certificate.go
@@ -59,9 +59,6 @@ func resourceSSLDomainCertificate() *schema.Resource {
 				Required:    true,
 				Sensitive:   true,
 				Description: "The certificate's private key (in PEM format).",
-				DiffSuppressFunc: func(key string, oldValue string, newValue string, data *schema.ResourceData) bool {
-					return true // Key is not persisted, so we always act like there's no difference
-				},
 			},
 		},
 	}
@@ -97,9 +94,6 @@ func resourceSSLDomainCertificateCreate(data *schema.ResourceData, provider inte
 	certificatePEM := data.Get(resourceKeySSLDomainCertificateCertificate).(string)
 	privateKeyPEM := data.Get(resourceKeySSLDomainCertificatePrivateKey).(string)
 
-	// Don't persist the private key in the state file.
-	data.Set(resourceKeySSLDomainCertificatePrivateKey, "")
-
 	log.Printf("Create SSL domain certificate '%s' in network domain '%s'.", name, networkDomainID)
 
 	providerState := provider.(*providerState)

diff --git a/docs/resource_types/ssl_domain_certificate.md b/docs/resource_types/ssl_domain_certificate.md
@@ -23,7 +23,6 @@ The following arguments are supported:
 * `description` - (Optional) A description for the certificate.
 * `certificate` - (Required) The X.509 certificate (in PEM format; use `ddcloud_pfx` data source if you need to use a certificate from a `.pfx` file).
 * `private_key` - (Required) The private key (in PEM format).  
-  This value is not persisted in state data (providing Terraform does not crash during the initial `terraform apply`). As such, it cannot be changed after creation unless `certificate` is changed, too.  
   **Note:** only RSA keys are supported by CloudControl.
 
 ## Attribute Reference