Move checking for unmanaged config secrets from the read to the update

auth0 · Mar 1, 2023 · ed875de · ed875de
1 parent 813398f
commit ed875de
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 9 deletions.
diff --git a/internal/auth0/connection/expand.go b/internal/auth0/connection/expand.go
@@ -40,7 +40,7 @@ func expandConnection(d *schema.ResourceData) (*management.Connection, diag.Diag
 	config.GetAttr("options").ForEachElement(func(_ cty.Value, options cty.Value) (stop bool) {
 		switch strategy {
 		case management.ConnectionStrategyAuth0:
-			connection.Options, diagnostics = expandConnectionOptionsAuth0(options)
+			connection.Options, diagnostics = expandConnectionOptionsAuth0(d, options)
 		case management.ConnectionStrategyGoogleOAuth2:
 			connection.Options, diagnostics = expandConnectionOptionsGoogleOAuth2(d, options)
 		case management.ConnectionStrategyGoogleApps:
@@ -140,7 +140,10 @@ func expandConnectionOptionsGitHub(
 	return options, diag.FromErr(err)
 }
 
-func expandConnectionOptionsAuth0(config cty.Value) (*management.ConnectionOptions, diag.Diagnostics) {
+func expandConnectionOptionsAuth0(
+	d *schema.ResourceData,
+	config cty.Value,
+) (*management.ConnectionOptions, diag.Diagnostics) {
 	options := &management.ConnectionOptions{
 		PasswordPolicy:               value.String(config.GetAttr("password_policy")),
 		NonPersistentAttrs:           value.Strings(config.GetAttr("non_persistent_attrs")),
@@ -270,8 +273,27 @@ func expandConnectionOptionsAuth0(config cty.Value) (*management.ConnectionOptio
 
 	var err error
 	options.UpstreamParams, err = value.MapFromJSON(config.GetAttr("upstream_params"))
+	if err != nil {
+		return nil, diag.FromErr(err)
+	}
 
-	return options, diag.FromErr(err)
+	if !d.IsNewResource() {
+		dbSecretConfig, ok := d.GetOk("options.0.configuration")
+		if !ok {
+			dbSecretConfig = make(map[string]interface{})
+		}
+
+		diags := checkForUnmanagedConfigurationSecrets(
+			dbSecretConfig.(map[string]interface{}),
+			options.GetConfiguration(),
+		)
+
+		if diags.HasError() {
+			return nil, diags
+		}
+	}
+
+	return options, nil
 }
 
 func expandConnectionOptionsGoogleOAuth2(

diff --git a/internal/auth0/connection/flatten.go b/internal/auth0/connection/flatten.go
@@ -150,12 +150,7 @@ func flattenConnectionOptionsAuth0(
 	}
 	m["upstream_params"] = upstreamParams
 
-	diags := checkForUnmanagedConfigurationSecrets(
-		dbSecretConfig.(map[string]interface{}),
-		options.GetConfiguration(),
-	)
-
-	return m, diags
+	return m, nil
 }
 
 // checkForUnmanagedConfigurationSecrets is used to assess keys diff because values are sent back encrypted.