Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DXCDT-156] Add warnings for untracked hook secrets #189

Merged
merged 3 commits into from
Jun 16, 2022

Conversation

sergiught
Copy link
Contributor

@sergiught sergiught commented Jun 16, 2022

Description

While taking a look at #40, I wasn't able to reproduce the issue with the secrets. I am suspecting that the issue was actually present in the go-auth0 SDK in this func https://github.com/auth0/go-auth0/blob/fcf36e271b507a9af6e2c281013f93181a9d8753/management/hook.go#L143 that eventually got fixed through a newer version.

However, we made the hook resource implementation more robust with this PR and we are now throwing out warnings in case we encounter secrets that aren't being tracked through terraform. e.g.

╷
│ Warning: Unexpected Hook Secrets
│
│   with auth0_hook.my_hook,
│   on main.tf line 22, in resource "auth0_hook" "my_hook":
│   22:   secrets = {
│   23:     foo = "foo"
│   24:     car = "car"
│   25:   }
│
│ Found unexpected hook secrets with key: test. To prevent issues, manage them through terraform. If you've just imported this
│ resource (and your secrets match), to make this warning disappear, run a terraform apply.

When we import hooks the first time, even if the secrets match 100% with the secrets found in the dashboard, the warnings will still be present as we only update the state file with the secrets on a create / update (terraform apply). This is due to the fact that the values aren't being shown while fetching the secrets.

At the present moment with the current version of our terraform sdk, we aren't able to have warnings tested through test steps. There's an issue tracking this however over here: hashicorp/terraform-plugin-testing#69

Checklist

Note: Checklist required to be completed before a PR is considered to be reviewable.

Auth0 Code of Conduct

Auth0 General Contribution Guidelines

Changes include test coverage?

  • Yes
  • Not needed

Does the description provide the correct amount of context?

  • Yes, the description provides enough context for the reviewer to understand what these changes accomplish

Have you updated the documentation?

  • Yes, I've updated the appropriate docs
  • Not needed

Is this code ready for production?

  • Yes, all code changes are intentional and no debugging calls are left over

@sergiught sergiught self-assigned this Jun 16, 2022
@sergiught sergiught force-pushed the patch/DXCDT-156-ISSUE-40 branch from 5f91234 to b609fb5 Compare June 16, 2022 09:58
@codecov-commenter
Copy link

codecov-commenter commented Jun 16, 2022

Codecov Report

Merging #189 (b609fb5) into main (8324b74) will decrease coverage by 0.19%.
The diff coverage is 63.46%.

@@            Coverage Diff             @@
##             main     hashicorp/terraform-plugin-sdk#189      +/-   ##
==========================================
- Coverage   84.02%   83.83%   -0.20%     
==========================================
  Files          35       35              
  Lines        6029     6056      +27     
==========================================
+ Hits         5066     5077      +11     
- Misses        762      775      +13     
- Partials      201      204       +3     
Impacted Files Coverage Δ
auth0/resource_auth0_hook.go 74.55% <63.46%> (-6.43%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8324b74...b609fb5. Read the comment docs.

Copy link
Contributor Author

@sergiught sergiught left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding a few comments to aid with reviewing.

@@ -73,15 +75,15 @@ func newHook() *schema.Resource {
}

func createHook(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
hook := buildHook(d)
hook := expandHook(d)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renaming this so we stay consistent with the "expand" and "flatten" nomenclature.

api := m.(*management.Management)
if err := api.Hook.Create(hook); err != nil {
return diag.FromErr(err)
}

d.SetId(auth0.StringValue(hook.ID))
d.SetId(hook.GetID())
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There shouldn't be a need anywhere in the codebase to use the auth0 pointer to value helper funcs, as we have accessor methods on pointer fields from the go-auth0 SDK.


if err := upsertHookSecrets(d, m); err != nil {
if err := upsertHookSecrets(ctx, d, m); err != nil {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bringing the signature of this func in line with all the others, making sure we pass context first.

We should evolve go-auth0 in the future to accept the context, for higher control over the request timeouts.

Comment on lines +161 to +173
var warnings diag.Diagnostics
for key := range secretsFromAPI {
if _, ok := secretsFromConfig[key]; !ok {
warnings = append(warnings, diag.Diagnostic{
Severity: diag.Warning,
Summary: "Unexpected Hook Secrets",
Detail: fmt.Sprintf("Found unexpected hook secrets with key: %s. ", key) +
"To prevent issues, manage them through terraform. If you've just imported this resource " +
"(and your secrets match), to make this warning disappear, run a terraform apply.",
AttributePath: cty.Path{cty.GetAttrStep{Name: "secrets"}},
})
}
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Secrets are not part of the response of the GET Hook details. To fetch them we need to use the following endpoint https://auth0.com/docs/api/management/v2#!/Hooks/get_secrets. However the actual values are never shown, only the presence of certain keys. To aid our users, this will now throw warnings in the terminal with suggestions on what secrets to start tracking. e.g.

╷
│ Warning: Unexpected Hook Secrets
│
│   with auth0_hook.my_hook,
│   on main.tf line 22, in resource "auth0_hook" "my_hook":
│   22:   secrets = {
│   23:     foo = "foo"
│   24:     car = "car"
│   25:   }
│
│ Found unexpected hook secrets with key: test. To prevent issues, manage them through terraform. If you've just imported this
│ resource (and your secrets match), to make this warning disappear, run a terraform apply.

@sergiught sergiught marked this pull request as ready for review June 16, 2022 10:12
@sergiught sergiught requested a review from a team as a code owner June 16, 2022 10:12
Copy link
Contributor

@willvedd willvedd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Issues that fix themselves are my favorite! The addition of tests and warnings is very sensible and an n+1 to our users.

@sergiught sergiught merged commit 754d4e3 into main Jun 16, 2022
@sergiught sergiught deleted the patch/DXCDT-156-ISSUE-40 branch June 16, 2022 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants