@@ -21,145 +21,10 @@ import (
2121 "strconv"
2222 "time"
2323
24- "github.com/hashicorp/terraform/helper/customdiff"
2524 "github.com/hashicorp/terraform/helper/schema"
2625 compute "google.golang.org/api/compute/v1"
2726)
2827
29- func customDiffComputeSnapshotSnapshotEncryptionKeys (diff * schema.ResourceDiff , meta interface {}) error {
30- oldConvenience , newConvenience := diff .GetChange ("snapshot_encryption_key_raw" )
31- oldNewField , newNewField := diff .GetChange ("snapshot_encryption_key.0.raw_key" )
32-
33- if newConvenience != "" && newNewField != "" {
34- return fmt .Errorf ("can't use snapshot_encryption_key_raw and snapshot_encryption_key.0.raw_key at the same time." +
35- "If you're removing snapshot_encryption_key.0.raw_key, set the value to \" \" instead. This is due to limitations in Terraform." )
36- }
37-
38- // Either field (convenience or new) has a value
39- // and then has another different value, so we ForceNew.
40- // We need to handle _EVERY_ ForceNew case in this diff
41- if oldConvenience != "" && newConvenience != "" && oldConvenience != newConvenience {
42- return diff .ForceNew ("snapshot_encryption_key_raw" )
43- }
44-
45- if oldNewField != "" && newNewField != "" && oldNewField != newNewField {
46- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
47- }
48-
49- // Our resource isn't using either field, then uses one;
50- // ForceNew on whichever one is now using it.
51- if (oldConvenience == "" && oldNewField == "" && newConvenience != "" ) || (oldConvenience == "" && oldNewField == "" && newNewField != "" ) {
52- if oldConvenience == "" && newConvenience != "" {
53- return diff .ForceNew ("snapshot_encryption_key_raw" )
54- } else {
55- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
56- }
57- }
58-
59- // convenience no longer used
60- if oldConvenience != "" && newConvenience == "" {
61- if newNewField == "" {
62- // convenience is being nulled, and the new field is empty as well
63- // we've stopped using the field altogether
64- return diff .ForceNew ("snapshot_encryption_key_raw" )
65- } else if oldConvenience != newNewField {
66- // convenience is being nulled, and the new field has a new value
67- // so we ForceNew on either field
68- return diff .ForceNew ("snapshot_encryption_key_raw" )
69- } else {
70- // If we reach it here, we're using the same value in the new field as we had in the convenience field
71- }
72- }
73-
74- // new no longer used
75- // note that it will remain _set_ because of how Computed fields work
76- // unset fields will have their values kept in state as a non-zero value
77- if oldNewField != "" && newNewField == "" {
78- if newConvenience == "" {
79- // new field is being nulled, and the convenience field is empty as well
80- // we've stopped using the field altogether
81- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
82- } else if oldNewField != newConvenience {
83- // new is being nulled, and the convenience field has a new value
84- // so we ForceNew on either field
85-
86- // This stops a really opaque diffs don't match during apply error. Without this, wee see
87- // a diff from the old state -> new state with a ForceNew at plan time (as expected!)
88- // But during apply time the entire nested object is nil in old state unexpectedly.
89- // So we just force the diff to match more by nilling it here, which is unclear why it
90- // works, and probably a worse UX with some real ugly diff, but also makes the tests pass.
91- // Computed nested fields are hard.
92- err := diff .SetNew ("snapshot_encryption_key" , nil )
93- if err != nil {
94- return err
95- }
96-
97- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
98- } else {
99- // If we reach it here, we're using the same value in the convenience field as we had in the new field
100- }
101- }
102-
103- return nil
104- }
105-
106- func customDiffComputeSnapshotSourceDiskEncryptionKeys (diff * schema.ResourceDiff , meta interface {}) error {
107- oldConvenience , newConvenience := diff .GetChange ("source_disk_encryption_key_raw" )
108- oldNewField , newNewField := diff .GetChange ("source_disk_encryption_key.0.raw_key" )
109-
110- // Either field has a value and then has another value
111- // We need to handle _EVERY_ ForceNew case in this diff
112- if oldConvenience != "" && newConvenience != "" && oldConvenience != newConvenience {
113- return diff .ForceNew ("source_disk_encryption_key_raw" )
114- }
115-
116- if oldNewField != "" && newNewField != "" && oldNewField != newNewField {
117- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
118- }
119-
120- // Our resource isn't using either field, then uses one;
121- // ForceNew on whichever one is now using it.
122- if (oldConvenience == "" && oldNewField == "" && newConvenience != "" ) || (oldConvenience == "" && oldNewField == "" && newNewField != "" ) {
123- if oldConvenience == "" && newConvenience != "" {
124- return diff .ForceNew ("source_disk_encryption_key_raw" )
125- } else {
126- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
127- }
128- }
129-
130- // convenience no longer used
131- if oldConvenience != "" && newConvenience == "" {
132- if newNewField == "" {
133- // convenience is being nulled, and the new field is empty as well
134- // we've stopped using the field altogether
135- return diff .ForceNew ("source_disk_encryption_key_raw" )
136- } else if oldConvenience != newNewField {
137- // convenience is being nulled, and the new field has a new value
138- // so we ForceNew on either field
139- return diff .ForceNew ("source_disk_encryption_key_raw" )
140- } else {
141- // If we reach it here, we're using the same value in the new field as we had in the convenience field
142- }
143- }
144-
145- // new no longer used
146- if oldNewField != "" && newNewField == "" {
147- if newConvenience == "" {
148- // new field is being nulled, and the convenience field is empty as well
149- // we've stopped using the field altogether
150- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
151- } else if newConvenience != oldNewField {
152- // new is being nulled, and the convenience field has a new value
153- // so we ForceNew on either field
154- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
155- } else {
156- // If we reach it here, we're using the same value in the convenience field as we had in the new field
157- }
158- }
159-
160- return nil
161- }
162-
16328func resourceComputeSnapshot () * schema.Resource {
16429 return & schema.Resource {
16530 Create : resourceComputeSnapshotCreate ,
@@ -177,11 +42,6 @@ func resourceComputeSnapshot() *schema.Resource {
17742 Delete : schema .DefaultTimeout (300 * time .Second ),
17843 },
17944
180- CustomizeDiff : customdiff .All (
181- customDiffComputeSnapshotSnapshotEncryptionKeys ,
182- customDiffComputeSnapshotSourceDiskEncryptionKeys ,
183- ),
184-
18545 Schema : map [string ]* schema.Schema {
18646 "name" : {
18747 Type : schema .TypeString ,
@@ -206,14 +66,15 @@ func resourceComputeSnapshot() *schema.Resource {
20666 },
20767 "snapshot_encryption_key" : {
20868 Type : schema .TypeList ,
209- Computed : true ,
21069 Optional : true ,
70+ ForceNew : true ,
21171 MaxItems : 1 ,
21272 Elem : & schema.Resource {
21373 Schema : map [string ]* schema.Schema {
21474 "raw_key" : {
21575 Type : schema .TypeString ,
21676 Optional : true ,
77+ ForceNew : true ,
21778 Sensitive : true ,
21879 },
21980 "sha256" : {
@@ -226,12 +87,14 @@ func resourceComputeSnapshot() *schema.Resource {
22687 "source_disk_encryption_key" : {
22788 Type : schema .TypeList ,
22889 Optional : true ,
90+ ForceNew : true ,
22991 MaxItems : 1 ,
23092 Elem : & schema.Resource {
23193 Schema : map [string ]* schema.Schema {
23294 "raw_key" : {
23395 Type : schema .TypeString ,
23496 Optional : true ,
97+ ForceNew : true ,
23598 Sensitive : true ,
23699 },
237100 },
@@ -278,29 +141,29 @@ func resourceComputeSnapshot() *schema.Resource {
278141 },
279142
280143 "snapshot_encryption_key_raw" : {
281- Type : schema .TypeString ,
282- Optional : true ,
283- Sensitive : true ,
284- Deprecated : "Use snapshot_encryption_key.raw_key instead." ,
144+ Type : schema .TypeString ,
145+ Optional : true ,
146+ Sensitive : true ,
147+ Removed : "Use snapshot_encryption_key.raw_key instead." ,
285148 },
286149
287150 "snapshot_encryption_key_sha256" : {
288- Type : schema .TypeString ,
289- Computed : true ,
290- Deprecated : "Use snapshot_encryption_key.sha256 instead." ,
151+ Type : schema .TypeString ,
152+ Computed : true ,
153+ Removed : "Use snapshot_encryption_key.sha256 instead." ,
291154 },
292155
293156 "source_disk_encryption_key_raw" : {
294- Type : schema .TypeString ,
295- Optional : true ,
296- Sensitive : true ,
297- Deprecated : "Use source_disk_encryption_key.raw_key instead." ,
157+ Type : schema .TypeString ,
158+ Optional : true ,
159+ Sensitive : true ,
160+ Removed : "Use source_disk_encryption_key.raw_key instead." ,
298161 },
299162
300163 "source_disk_encryption_key_sha256" : {
301- Type : schema .TypeString ,
302- Computed : true ,
303- Deprecated : "Use source_disk_encryption_key.sha256 instead." ,
164+ Type : schema .TypeString ,
165+ Computed : true ,
166+ Removed : "Use source_disk_encryption_key.sha256 instead." ,
304167 },
305168 "project" : {
306169 Type : schema .TypeString ,
@@ -713,47 +576,62 @@ func expandComputeSnapshotZone(v interface{}, d *schema.ResourceData, config *Co
713576
714577func expandComputeSnapshotSnapshotEncryptionKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
715578 l := v .([]interface {})
716- req := make ([]interface {}, 0 , 1 )
717- if len (l ) == 1 && l [0 ].(map [string ]interface {})["raw_key" ] != "" {
718- // There is a value
719- outMap := make (map [string ]interface {})
720- outMap ["rawKey" ] = l [0 ].(map [string ]interface {})["raw_key" ]
721- req = append (req , outMap )
722- } else {
723- // Check alternative setting?
724- if altV , ok := d .GetOk ("snapshot_encryption_key_raw" ); ok && altV != "" {
725- outMap := make (map [string ]interface {})
726- outMap ["rawKey" ] = altV
727- req = append (req , outMap )
728- }
579+ if len (l ) == 0 || l [0 ] == nil {
580+ return nil , nil
581+ }
582+ raw := l [0 ]
583+ original := raw .(map [string ]interface {})
584+ transformed := make (map [string ]interface {})
585+
586+ transformedRawKey , err := expandComputeSnapshotSnapshotEncryptionKeyRawKey (original ["raw_key" ], d , config )
587+ if err != nil {
588+ return nil , err
589+ } else if val := reflect .ValueOf (transformedRawKey ); val .IsValid () && ! isEmptyValue (val ) {
590+ transformed ["rawKey" ] = transformedRawKey
729591 }
730- return req , nil
592+
593+ transformedSha256 , err := expandComputeSnapshotSnapshotEncryptionKeySha256 (original ["sha256" ], d , config )
594+ if err != nil {
595+ return nil , err
596+ } else if val := reflect .ValueOf (transformedSha256 ); val .IsValid () && ! isEmptyValue (val ) {
597+ transformed ["sha256" ] = transformedSha256
598+ }
599+
600+ return transformed , nil
601+ }
602+
603+ func expandComputeSnapshotSnapshotEncryptionKeyRawKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
604+ return v , nil
605+ }
606+
607+ func expandComputeSnapshotSnapshotEncryptionKeySha256 (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
608+ return v , nil
731609}
732610
733611func expandComputeSnapshotSourceDiskEncryptionKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
734612 l := v .([]interface {})
735- req := make ([]interface {}, 0 , 1 )
736- if len (l ) == 1 {
737- // There is a value
738- outMap := make (map [string ]interface {})
739- outMap ["rawKey" ] = l [0 ].(map [string ]interface {})["raw_key" ]
740- req = append (req , outMap )
741- } else {
742- // Check alternative setting?
743- if altV , ok := d .GetOk ("source_disk_encryption_key_raw" ); ok && altV != "" {
744- outMap := make (map [string ]interface {})
745- outMap ["rawKey" ] = altV
746- req = append (req , outMap )
747- }
613+ if len (l ) == 0 || l [0 ] == nil {
614+ return nil , nil
748615 }
749- return req , nil
616+ raw := l [0 ]
617+ original := raw .(map [string ]interface {})
618+ transformed := make (map [string ]interface {})
619+
620+ transformedRawKey , err := expandComputeSnapshotSourceDiskEncryptionKeyRawKey (original ["raw_key" ], d , config )
621+ if err != nil {
622+ return nil , err
623+ } else if val := reflect .ValueOf (transformedRawKey ); val .IsValid () && ! isEmptyValue (val ) {
624+ transformed ["rawKey" ] = transformedRawKey
625+ }
626+
627+ return transformed , nil
628+ }
629+
630+ func expandComputeSnapshotSourceDiskEncryptionKeyRawKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
631+ return v , nil
750632}
751633
752634func resourceComputeSnapshotDecoder (d * schema.ResourceData , meta interface {}, res map [string ]interface {}) (map [string ]interface {}, error ) {
753635 d .Set ("source_disk_link" , ConvertSelfLinkToV1 (res ["sourceDisk" ].(string )))
754- if snapshotEncryptionKey := res ["snapshotEncryptionKey" ]; snapshotEncryptionKey != nil {
755- d .Set ("snapshot_encryption_key_sha256" , snapshotEncryptionKey .((map [string ]interface {}))["sha256" ])
756- }
757-
758636 return res , nil
759637}
0 commit comments