Allow optional data to be set externally when provided #1171
Conversation
ghost
added
the
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Nolan Woods seems not to be a GitHub user. Have you signed the CLA already but the status is still pending? Recheck it. |
There was a problem hiding this comment.
Hi,
Having a quick look at these changes, I think what you're trying to achieve here is the equivalent of setting a Computed: true property on the schema definition for the "data" attribute. So these changes are not needed, you could just set the above property.
However, taking a step back (like I suggested in issue #1168), I would like to point out that making this change will result in a functional regression on the provider. Users relying on Terraform to provision their secret data will want to ensure they detect drift or alterations to that secret data and this change will inhibit that. This is particularly important for resources like Secret since they carry authentication information that I imagine users would really like to keep consistent.
So rather than jumping to solutions, I would like to work with you to first understand why are you creating the secret with Terraform to begin with if Terraform isn't the source of truth for it's contents. It would be perfectly acceptable to not mange this secret with Terraform and instead allow the application that is setting it's contents to fully manage it as well.
I'd suggest we move the conversation back to the issue and explore this scenario there.
|
I can comment further on the issue but should point out that |
Description
Closes #1168
Acceptance tests
Output from acceptance testing:
Release Note
Release note for CHANGELOG:
Community Note