make pemCertificate sensitive (#7114) (#13505)

* make pemCertificate sensitive * make pemPrivateKey sensitive * remove sensitive on selfManaged.pemCertificate and selfManaged Co-authored-by: Edward Sun <sunedward@google.com> Signed-off-by: Modular Magician <magic-modules@google.com> Signed-off-by: Modular Magician <magic-modules@google.com> Co-authored-by: Edward Sun <sunedward@google.com>
hashicorp · Jan 17, 2023 · 799d954 · 799d954
1 parent 2ec420e
commit 799d954
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/.changelog/7114.txt b/.changelog/7114.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+certificatemanager: removed incorrect indication that the `self_managed` field in `google_certificate_manager_certificate` was treated as sensitive, and marked `self_managed.pem_private_key` as sensitive
+```
diff --git a/google/resource_certificate_manager_certificate.go b/google/resource_certificate_manager_certificate.go
@@ -206,6 +206,7 @@ Leaf certificate comes first, followed by intermediate ones if any.`,
 							Type:         schema.TypeString,
 							Optional:     true,
 							Description:  `The private key of the leaf certificate in PEM-encoded form.`,
+							Sensitive:    true,
 							ExactlyOneOf: []string{"self_managed.0.private_key_pem", "self_managed.0.pem_private_key"},
 						},
 						"private_key_pem": {
@@ -218,7 +219,6 @@ Leaf certificate comes first, followed by intermediate ones if any.`,
 						},
 					},
 				},
-				Sensitive:    true,
 				ExactlyOneOf: []string{"self_managed", "managed"},
 			},
 			"project": {

diff --git a/website/docs/r/certificate_manager_certificate.html.markdown b/website/docs/r/certificate_manager_certificate.html.markdown
@@ -24,7 +24,7 @@ Certificate represents a HTTP-reachable backend for a Certificate.
 
 
 
-~> **Warning:** All arguments including `self_managed`, `self_managed.certificate_pem`, and `self_managed.private_key_pem` will be stored in the raw
+~> **Warning:** All arguments including `self_managed.certificate_pem`, `self_managed.private_key_pem`, and `self_managed.pem_private_key` will be stored in the raw
 state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
 
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
@@ -84,7 +84,6 @@ The following arguments are supported:
   Certificate data for a SelfManaged Certificate.
   SelfManaged Certificates are uploaded by the user. Updating such
   certificates before they expire remains the user's responsibility.
-  **Note**: This property is sensitive and will not be displayed in the plan.
   Structure is [documented below](#nested_self_managed).
 
 * `managed` -
@@ -119,6 +118,7 @@ The following arguments are supported:
 * `pem_private_key` -
   (Optional)
   The private key of the leaf certificate in PEM-encoded form.
+  **Note**: This property is sensitive and will not be displayed in the plan.
 
 <a name="nested_managed"></a>The `managed` block supports: