From 97a44fcb1c02f1e6b7cb14f613dd260446cd574f Mon Sep 17 00:00:00 2001 From: Adam Friedman Date: Fri, 16 Mar 2018 04:34:34 +1100 Subject: [PATCH] Persist private key for ddcloud_ssl_domain_certificate in state data. Otherwise, Terraform either supplies an incorrect value to the provider (which causes creation to fail) or always sees the key as having changed (which causes a destroy-and-recreate of the resource). DimensionDataResearch/dd-cloud-compute-terraform#110 --- CHANGES.md | 5 +++++ Makefile | 2 +- ddcloud/resource_ssl_domain_certificate.go | 6 ------ docs/resource_types/ssl_domain_certificate.md | 1 - 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 7c4b50a..bd01d88 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,5 +1,10 @@ # Changes +# 1.3.4 + +* Persist private key for `ddcloud_ssl_domain_certificate` in state data. + Otherwise, Terraform either supplies an incorrect value to the provider (which causes creation to fail) or always sees the key as having changed (which causes a destroy-and-recreate of the resource). + # 1.3.3 * Bug-fix: `ssl_offload_profile` property is not being persisted by `ddcloud_virtual_listener` (DimensionDataResearch/dd-cloud-compute-terraform#110). diff --git a/Makefile b/Makefile index b427389..e752401 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ PROVIDER_NAME = ddcloud -VERSION = 1.3.3 +VERSION = 1.3.4-alpha1 VERSION_INFO_FILE = ./$(PROVIDER_NAME)/version-info.go BIN_DIRECTORY = _bin diff --git a/ddcloud/resource_ssl_domain_certificate.go b/ddcloud/resource_ssl_domain_certificate.go index 2e16b03..c922207 100644 --- a/ddcloud/resource_ssl_domain_certificate.go +++ b/ddcloud/resource_ssl_domain_certificate.go @@ -59,9 +59,6 @@ func resourceSSLDomainCertificate() *schema.Resource { Required: true, Sensitive: true, Description: "The certificate's private key (in PEM format).", - DiffSuppressFunc: func(key string, oldValue string, newValue string, data *schema.ResourceData) bool { - return true // Key is not persisted, so we always act like there's no difference - }, }, }, } @@ -97,9 +94,6 @@ func resourceSSLDomainCertificateCreate(data *schema.ResourceData, provider inte certificatePEM := data.Get(resourceKeySSLDomainCertificateCertificate).(string) privateKeyPEM := data.Get(resourceKeySSLDomainCertificatePrivateKey).(string) - // Don't persist the private key in the state file. - data.Set(resourceKeySSLDomainCertificatePrivateKey, "") - log.Printf("Create SSL domain certificate '%s' in network domain '%s'.", name, networkDomainID) providerState := provider.(*providerState) diff --git a/docs/resource_types/ssl_domain_certificate.md b/docs/resource_types/ssl_domain_certificate.md index 114530d..c92c407 100644 --- a/docs/resource_types/ssl_domain_certificate.md +++ b/docs/resource_types/ssl_domain_certificate.md @@ -23,7 +23,6 @@ The following arguments are supported: * `description` - (Optional) A description for the certificate. * `certificate` - (Required) The X.509 certificate (in PEM format; use `ddcloud_pfx` data source if you need to use a certificate from a `.pfx` file). * `private_key` - (Required) The private key (in PEM format). - This value is not persisted in state data (providing Terraform does not crash during the initial `terraform apply`). As such, it cannot be changed after creation unless `certificate` is changed, too. **Note:** only RSA keys are supported by CloudControl. ## Attribute Reference