-
Notifications
You must be signed in to change notification settings - Fork 632
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for worker text bindings #710
Add support for worker text bindings #710
Conversation
I've kicked off an integration test run for this one and will report the findings back shortly. |
Looks like we've got a new failure.
|
@jacobbednarz Thanks, I think I might be misunderstanding the map provided by terraform from the |
@jacobbednarz can you try it again? If it doesn’t pass this time I’ll put some more work into figuring out how to test it myself properly. |
a9427b6
to
e3464b5
Compare
I have things working locally but appear to have run into hashicorp/terraform#21901 on |
@jacobbednarz I've resolved the secret text issue by using the text value from the existing resource during read. This seems to be how other providers work, i.e. AWS resources with passwords. The bindings only cause a change in two cases now:
For 2, I didn't see the APIs available to handle it within the cloudflare package or documented on their site. Having the diff show up each time is probably enough to prompt that it's not being deleted properly, but happy to document this behavior and how to delete it from the cloudflare UI. |
@blakeembrey That seems like a reasonable fix. We do have other cases of write-once-never-seen-again APIs in Cloudflare however their values are just masked so we write the masked value to state instead of pulling it from the schema. Your second point is also fine for now 👍 If it becomes a bigger issue than we can poke Cloudflare to improve the UX somehow. |
Sweet, I ported all my local code to use this and it's been working great so far. By masked value do you mean an empty string or a value like |
Masked value of asterisks I'll kick off an integration test run and 🤞 we're ready to roll! |
Integration is looking good! I'm going to leave this for today and make sure that no one else has any thoughts before we land this one. Thanks for the PR so far 🙇 |
@jacobbednarz Any opinion on using the singular
This would make the change backward compatible (no need to deprecate the existing binding) and makes something like the concealed |
I personally prefer the individual blocks as it is more explicit and gives us a little more flexibility with changes to individual resources. In turn, you end up with less complex code branches and more readable code. If you want to swap it over to help with backwards compatibility, I'd be 👍 for it. |
@jacobbednarz Done, though I couldn't get the concealed text behavior to easily work within the set so I fell back on the existing logic of looking up the previous value to diff. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is really great, thanks @blakeembrey! i've just kicked off a final integration test run and we'll land this as soon as that is green.
Awesome! Really excited to see it released 😄 |
…evel-for-rulesets ruleset: add sensitivity level for overrides
Closes https://github.com/terraform-providers/terraform-provider-cloudflare/issues/615, closes https://github.com/terraform-providers/terraform-provider-cloudflare/issues/164. Not entirely sure on the terraform idioms so feel free to correct anything I'm doing incorrectly.
I wanted to use separate keys inbinding
because they have different requirements for things likesensitive
and possibly values in the future. The key in the schema determines the "type" of the binding, e.g.secret_text
,plain_text
orkv_namespace_id
. Roughly follows https://github.com/terraform-providers/terraform-provider-cloudflare/issues/615#issuecomment-598801105 but didn't see the need for specifyingtype
since every binding is different enough so far they can be differentiated easily by the key set.We ended up using separate
binding
groups for each type of binding since it makes validation in Terraform a lot easier to do and maintains backward compatibility with the existingkv_namespace_binding
.