Merge pull request #11 from hashicorp/main

Fork Sync: Update from parent repository
opentofu · Sep 21, 2023 · b878e80 · b878e80
2 parents d28a2fd + 2a3355d
commit b878e80
Show file tree

Hide file tree

Showing 6 changed files with 103 additions and 57 deletions.
diff --git a/.changelog/9029.txt b/.changelog/9029.txt
@@ -0,0 +1,2 @@
+```release-note:none
+```
diff --git a/.changelog/9030.txt b/.changelog/9030.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secretmanager: fixed an issue in `google_secretmanager_secret` where replacing `replication.automatic` with `replication.auto` would destroy and recreate the resource
+```
diff --git a/.changelog/9034.txt b/.changelog/9034.txt
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
diff --git a/google/fwtransport/framework_config_test.go b/google/fwtransport/framework_config_test.go
@@ -336,61 +336,63 @@ func TestFrameworkProvider_LoadAndValidateFramework_credentials(t *testing.T) {
 	}
 }
 
-func TestFrameworkProvider_LoadAndValidateFramework_credentials_unknown(t *testing.T) {
-	// This test case is kept separate from other credentials tests, as it requires comparing
-	// error messages returned by two different error states:
-	// - When credentials = Null
-	// - When credentials = Unknown
-
-	t.Run("the same error is returned whether credentials is set as a null or unknown value (and access_token isn't set)", func(t *testing.T) {
-
-		// Arrange
-		acctest.UnsetTestProviderConfigEnvs(t)
-
-		ctx := context.Background()
-		tfVersion := "foobar"
-		providerversion := "999"
-
-		impersonateServiceAccountDelegates, _ := types.ListValue(types.StringType, []attr.Value{}) // empty list
-
-		// Null data and error collection
-		diagsNull := diag.Diagnostics{}
-		dataNull := fwmodels.ProviderModel{
-			Credentials: types.StringNull(),
-		}
-		dataNull.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
-
-		// Unknown data and error collection
-		diagsUnknown := diag.Diagnostics{}
-		dataUnknown := fwmodels.ProviderModel{
-			Credentials: types.StringUnknown(),
-		}
-		dataUnknown.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
-
-		pNull := fwtransport.FrameworkProviderConfig{}
-		pUnknown := fwtransport.FrameworkProviderConfig{}
-
-		// Act
-		pNull.LoadAndValidateFramework(ctx, &dataNull, tfVersion, &diagsNull, providerversion)
-		pUnknown.LoadAndValidateFramework(ctx, &dataUnknown, tfVersion, &diagsUnknown, providerversion)
-
-		// Assert
-		if !diagsNull.HasError() {
-			t.Fatalf("expect errors when credentials is null, but [%d] errors occurred", diagsNull.ErrorsCount())
-		}
-		if !diagsUnknown.HasError() {
-			t.Fatalf("expect errors when credentials is unknown, but [%d] errors occurred", diagsUnknown.ErrorsCount())
-		}
-
-		errNull := diagsNull.Errors()
-		errUnknown := diagsUnknown.Errors()
-		for i := 0; i < len(errNull); i++ {
-			if errNull[i] != errUnknown[i] {
-				t.Fatalf("expect errors to be the same for null and unknown credentials values, instead got \nnull=`%s` \nunknown=%s", errNull[i], errUnknown[i])
-			}
-		}
-	})
-}
+// NOTE: these tests can't run in Cloud Build due to ADC locating credentials despite `GOOGLE_APPLICATION_CREDENTIALS` being unset
+// See https://cloud.google.com/docs/authentication/application-default-credentials#search_order
+// Also, when running these tests locally you need to run `gcloud auth application-default revoke` to ensure your machine isn't supplying ADCs
+// func TestFrameworkProvider_LoadAndValidateFramework_credentials_unknown(t *testing.T) {
+// 	// This test case is kept separate from other credentials tests, as it requires comparing
+// 	// error messages returned by two different error states:
+// 	// - When credentials = Null
+// 	// - When credentials = Unknown
+
+// 	t.Run("the same error is returned whether credentials is set as a null or unknown value (and access_token isn't set)", func(t *testing.T) {
+// 		// Arrange
+// 		acctest.UnsetTestProviderConfigEnvs(t)
+
+// 		ctx := context.Background()
+// 		tfVersion := "foobar"
+// 		providerversion := "999"
+
+// 		impersonateServiceAccountDelegates, _ := types.ListValue(types.StringType, []attr.Value{}) // empty list
+
+// 		// Null data and error collection
+// 		diagsNull := diag.Diagnostics{}
+// 		dataNull := fwmodels.ProviderModel{
+// 			Credentials: types.StringNull(),
+// 		}
+// 		dataNull.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
+
+// 		// Unknown data and error collection
+// 		diagsUnknown := diag.Diagnostics{}
+// 		dataUnknown := fwmodels.ProviderModel{
+// 			Credentials: types.StringUnknown(),
+// 		}
+// 		dataUnknown.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
+
+// 		pNull := fwtransport.FrameworkProviderConfig{}
+// 		pUnknown := fwtransport.FrameworkProviderConfig{}
+
+// 		// Act
+// 		pNull.LoadAndValidateFramework(ctx, &dataNull, tfVersion, &diagsNull, providerversion)
+// 		pUnknown.LoadAndValidateFramework(ctx, &dataUnknown, tfVersion, &diagsUnknown, providerversion)
+
+// 		// Assert
+// 		if !diagsNull.HasError() {
+// 			t.Fatalf("expect errors when credentials is null, but [%d] errors occurred", diagsNull.ErrorsCount())
+// 		}
+// 		if !diagsUnknown.HasError() {
+// 			t.Fatalf("expect errors when credentials is unknown, but [%d] errors occurred", diagsUnknown.ErrorsCount())
+// 		}
+
+// 		errNull := diagsNull.Errors()
+// 		errUnknown := diagsUnknown.Errors()
+// 		for i := 0; i < len(errNull); i++ {
+// 			if errNull[i] != errUnknown[i] {
+// 				t.Fatalf("expect errors to be the same for null and unknown credentials values, instead got \nnull=`%s` \nunknown=%s", errNull[i], errUnknown[i])
+// 			}
+// 		}
+// 	})
+// }
 
 func TestFrameworkProvider_LoadAndValidateFramework_billingProject(t *testing.T) {
 

diff --git a/google/services/secretmanager/resource_secret_manager_secret.go b/google/services/secretmanager/resource_secret_manager_secret.go
@@ -18,18 +18,46 @@
 package secretmanager
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"reflect"
 	"strings"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
 	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
 )
 
+// Prevent ForceNew when upgrading replication.automatic -> replication.auto
+func secretManagerSecretAutoCustomizeDiff(_ context.Context, diff *schema.ResourceDiff, meta interface{}) error {
+	oAutomatic, nAutomatic := diff.GetChange("replication.0.automatic")
+	_, nAuto := diff.GetChange("replication.0.auto")
+	autoLen := len(nAuto.([]interface{}))
+
+	// Do not ForceNew if we are removing "automatic" while adding "auto"
+	if oAutomatic == true && nAutomatic == false && autoLen > 0 {
+		return nil
+	}
+
+	if diff.HasChange("replication.0.automatic") {
+		if err := diff.ForceNew("replication.0.automatic"); err != nil {
+			return err
+		}
+	}
+
+	if diff.HasChange("replication.0.auto") {
+		if err := diff.ForceNew("replication.0.auto"); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func ResourceSecretManagerSecret() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceSecretManagerSecretCreate,
@@ -47,6 +75,10 @@ func ResourceSecretManagerSecret() *schema.Resource {
 			Delete: schema.DefaultTimeout(20 * time.Minute),
 		},
 
+		CustomizeDiff: customdiff.All(
+			secretManagerSecretAutoCustomizeDiff,
+		),
+
 		Schema: map[string]*schema.Schema{
 			"replication": {
 				Type:     schema.TypeList,
@@ -60,7 +92,6 @@ after the Secret has been created.`,
 						"auto": {
 							Type:        schema.TypeList,
 							Optional:    true,
-							ForceNew:    true,
 							Description: `The Secret will automatically be replicated without any restrictions.`,
 							MaxItems:    1,
 							Elem: &schema.Resource{
@@ -90,7 +121,6 @@ encryption is used.`,
 							Type:         schema.TypeBool,
 							Optional:     true,
 							Deprecated:   "`automatic` is deprecated and will be removed in a future major release. Use `auto` instead.",
-							ForceNew:     true,
 							Description:  `The Secret will automatically be replicated without any restrictions.`,
 							ExactlyOneOf: []string{"replication.0.automatic", "replication.0.user_managed", "replication.0.auto"},
 						},

diff --git a/website/docs/guides/version_5_upgrade.html.markdown b/website/docs/guides/version_5_upgrade.html.markdown
@@ -525,3 +525,9 @@ resource "google_secret_manager_secret" "my-secret" {
 ### `google_identity_platform_project_default_config` has been removed from the provider
 
 Use the `google_identity_platform_config` resource instead. It contains a more comprehensive list of fields, and was created before `google_identity_platform_project_default_config` was added.
+
+## Resource: `google_compute_service_attachment`
+
+### `reconcile_connections` now defaults from API
+
+`reconcile_connections` previously defaults to true. Now it will default from the API.