Updating the private_key field in datadog_integration_gcp doesn't update the private key. #993

Closed
hannesg opened this issue Mar 18, 2021 · 0 comments · Fixed by #1013

hannesg commented Mar 18, 2021

Hi there,

Terraform Version

Terraform v0.14.6
+ provider registry.terraform.io/datadog/datadog v2.20.0
+ provider registry.terraform.io/hashicorp/google v3.54.0
+ provider registry.terraform.io/hashicorp/time v0.6.0

Affected Resource(s)

  • datadog_integration_gcp

Terraform Configuration Files

resource "google_service_account" "datadog" {
  account_id   = "datadog"
  display_name = "Datadog Crawler"
}

resource "google_service_account_key" "datadog" {
  service_account_id = google_service_account.datadog.name

  keepers = {
    rotation_time = "1" # <- update this here to trigger the key rotation
  }
}

resource "google_project_iam_member" "datadog_service_role" {
  # Roles recommended by datadog
  # https://docs.datadoghq.com/integrations/google_cloud_platform/?tab=datadogussite#setup
  for_each = toset(["roles/compute.viewer", "roles/monitoring.viewer", "roles/cloudasset.viewer"])
  role     = each.key
  member   = "serviceAccount:${google_service_account.datadog.email}"
}

resource "datadog_integration_gcp" "this" {
  project_id     = data.google_project.this.project_id
  private_key_id = jsondecode(base64decode(google_service_account_key.datadog.private_key))["private_key_id"]
  private_key    = jsondecode(base64decode(google_service_account_key.datadog.private_key))["private_key"]
  client_email   = google_service_account.datadog.email
  client_id      = google_service_account.datadog.unique_id
  host_filters   = "!goog-gke-node"
}

Expected Behavior

Updating the private_key of the gcp integration updates the key in datadog. This may include a destroy + create.

Actual Behavior

Updating the private_key of the gcp integration doesn't update the key in datadog. The gcp integration continues to use the old key and becomes "broken" in datadog.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. Update keepers.rotation_time in the google_service_account_key resource to anything but "1"
  3. terraform apply again

Important Factoids

  • Rotating the gcp key doesn't change the key id but only the key content.
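
A pre-apply check for the failure described in this report, as an added example that is not part of the original issue or the provider's code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and flags any `datadog_integration_gcp` that is left in place or updated in place while a `google_service_account_key` is replaced. Pairing the two by resource type rather than by dependency, the function names and the sample plan are assumptions.

```python
import json

KEY_TYPE = "google_service_account_key"
INTEGRATION_TYPE = "datadog_integration_gcp"

# Constructed sample in the shape of `terraform show -json <planfile>`;
# only the fields this check reads are included.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "google_service_account_key.datadog",
         "type": KEY_TYPE,
         "change": {"actions": ["delete", "create"]}},
        {"address": "datadog_integration_gcp.this",
         "type": INTEGRATION_TYPE,
         "change": {"actions": ["update"]}},
    ]
})


def is_replace(actions):
    """True when Terraform will destroy and recreate the resource."""
    return set(actions) == {"delete", "create"}


def stale_key_risks(plan_json):
    """Return addresses of GCP integrations that stay in place (no-op or
    in-place update) in a plan that also replaces a service account key.

    Assumption: resources are paired by type only, not by following the
    dependency graph, so every integration in the plan is checked.
    """
    changes = json.loads(plan_json).get("resource_changes", [])
    key_rotated = any(
        c.get("type") == KEY_TYPE and is_replace(c["change"]["actions"])
        for c in changes
    )
    if not key_rotated:
        return []
    return [
        c["address"] for c in changes
        if c.get("type") == INTEGRATION_TYPE
        and set(c["change"]["actions"]) <= {"no-op", "update"}
    ]


if __name__ == "__main__":
    for address in stale_key_risks(SAMPLE_PLAN):
        print(f"{address}: key is rotated but the integration is not recreated")
```
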