Skip to content

Fix an issue which cause failure when updating a sub-CA #12495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 9, 2024
Merged

Fix an issue which cause failure when updating a sub-CA #12495

merged 1 commit into from
Dec 9, 2024

Conversation

gfxcc
Copy link
Contributor

@gfxcc gfxcc commented Dec 5, 2024
edited
Loading

See b/382313978 for details

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

privateca: fixed an issue which causes error when updating labels for activated sub-CA

@github-actions github-actions bot requested a review from ScottSuarez December 5, 2024 03:04
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 5, 2024

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@ScottSuarez, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 2 files changed, 64 insertions(+), 3 deletions(-))
google-beta provider: Diff ( 2 files changed, 64 insertions(+), 3 deletions(-))

@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 40
Passed tests: 32
Skipped tests: 8
Affected tests: 0

Click here to see the affected service packages
  • privateca
#### Non-exercised tests

🔴 Tests were added that are skipped in VCR:

  • TestAccPrivatecaCertificateAuthority_subordinateCaCanUpdateLabel
    🟢 All tests passed!

View the build log

ScottSuarez
ScottSuarez reviewed Dec 6, 2024
View reviewed changes
mmv1/templates/terraform/pre_update/privateca_certificate_authority.go.tmpl
// directly by older version of providers.
// For backward compatibility, delete `certificateAuthority` only if `pemIssuerChain` is presented.
if _, ok := subConfig["pemIssuerChain"]; ok {
delete(subConfig, "certificateAuthority")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm worried about API state here.

We are explicitly removing certificateAuthority from the API request then it is possible API state will no longer retain subordinateConfig.certificateAuthority while the users config will. Resulting in a diff.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

certificateAuthority was not be sent to API backend. It was only used to fetch pemIssuerChain which is the value specified when calling backend.
With that, certificateAuthority only stay locally.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

API does retain this value
https://cloud.google.com/certificate-authority-service/docs/reference/rest/v1/projects.locations.caPools.certificateAuthorities#SubordinateConfig

and we do read it from the API. https://github.com/modular-magician/terraform-provider-google-beta/blob/8205ebe14bc69d903151fea9c192ddfb56c6b43a/google-beta/services/privateca/resource_privateca_certificate_authority.go#L1091

Just because the API isn't using the value doesn't mean it doesn't retain a state for it. This call will cause a diff between API state and users config.

@ScottSuarez
Copy link
Contributor

I also left a comment on the bug. I am not sure why API is not respecting updateMask here

@ScottSuarez ScottSuarez merged commit 172e79f into GoogleCloudPlatform:main Dec 9, 2024
15 checks passed
This was referenced Dec 9, 2024
Merged
Merged
amanMahendroo pushed a commit to amanMahendroo/magic-modules that referenced this pull request Dec 17, 2024
@gfxcc @amanMahendroo
Fix an issue which cause failure when updating a sub-CA (GoogleCloudP…
f5790ec 
…latform#12495)
niharika-98 pushed a commit to niharika-98/magic-modules that referenced this pull request Feb 17, 2025
@gfxcc @niharika-98
Fix an issue which cause failure when updating a sub-CA (GoogleCloudP…
6e694aa 
…latform#12495)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ScottSuarez ScottSuarez ScottSuarez approved these changes

Assignees
No one assigned
Labels
service/privateca
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gfxcc @modular-magician @ScottSuarez