@@ -21,145 +21,10 @@ import (
2121 "strconv"
2222 "time"
2323
24- "github.com/hashicorp/terraform/helper/customdiff"
2524 "github.com/hashicorp/terraform/helper/schema"
2625 compute "google.golang.org/api/compute/v1"
2726)
2827
29- func customDiffComputeSnapshotSnapshotEncryptionKeys (diff * schema.ResourceDiff , meta interface {}) error {
30- oldConvenience , newConvenience := diff .GetChange ("snapshot_encryption_key_raw" )
31- oldNewField , newNewField := diff .GetChange ("snapshot_encryption_key.0.raw_key" )
32-
33- if newConvenience != "" && newNewField != "" {
34- return fmt .Errorf ("can't use snapshot_encryption_key_raw and snapshot_encryption_key.0.raw_key at the same time." +
35- "If you're removing snapshot_encryption_key.0.raw_key, set the value to \" \" instead. This is due to limitations in Terraform." )
36- }
37-
38- // Either field (convenience or new) has a value
39- // and then has another different value, so we ForceNew.
40- // We need to handle _EVERY_ ForceNew case in this diff
41- if oldConvenience != "" && newConvenience != "" && oldConvenience != newConvenience {
42- return diff .ForceNew ("snapshot_encryption_key_raw" )
43- }
44-
45- if oldNewField != "" && newNewField != "" && oldNewField != newNewField {
46- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
47- }
48-
49- // Our resource isn't using either field, then uses one;
50- // ForceNew on whichever one is now using it.
51- if (oldConvenience == "" && oldNewField == "" && newConvenience != "" ) || (oldConvenience == "" && oldNewField == "" && newNewField != "" ) {
52- if oldConvenience == "" && newConvenience != "" {
53- return diff .ForceNew ("snapshot_encryption_key_raw" )
54- } else {
55- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
56- }
57- }
58-
59- // convenience no longer used
60- if oldConvenience != "" && newConvenience == "" {
61- if newNewField == "" {
62- // convenience is being nulled, and the new field is empty as well
63- // we've stopped using the field altogether
64- return diff .ForceNew ("snapshot_encryption_key_raw" )
65- } else if oldConvenience != newNewField {
66- // convenience is being nulled, and the new field has a new value
67- // so we ForceNew on either field
68- return diff .ForceNew ("snapshot_encryption_key_raw" )
69- } else {
70- // If we reach it here, we're using the same value in the new field as we had in the convenience field
71- }
72- }
73-
74- // new no longer used
75- // note that it will remain _set_ because of how Computed fields work
76- // unset fields will have their values kept in state as a non-zero value
77- if oldNewField != "" && newNewField == "" {
78- if newConvenience == "" {
79- // new field is being nulled, and the convenience field is empty as well
80- // we've stopped using the field altogether
81- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
82- } else if oldNewField != newConvenience {
83- // new is being nulled, and the convenience field has a new value
84- // so we ForceNew on either field
85-
86- // This stops a really opaque diffs don't match during apply error. Without this, wee see
87- // a diff from the old state -> new state with a ForceNew at plan time (as expected!)
88- // But during apply time the entire nested object is nil in old state unexpectedly.
89- // So we just force the diff to match more by nilling it here, which is unclear why it
90- // works, and probably a worse UX with some real ugly diff, but also makes the tests pass.
91- // Computed nested fields are hard.
92- err := diff .SetNew ("snapshot_encryption_key" , nil )
93- if err != nil {
94- return err
95- }
96-
97- return diff .ForceNew ("snapshot_encryption_key.0.raw_key" )
98- } else {
99- // If we reach it here, we're using the same value in the convenience field as we had in the new field
100- }
101- }
102-
103- return nil
104- }
105-
106- func customDiffComputeSnapshotSourceDiskEncryptionKeys (diff * schema.ResourceDiff , meta interface {}) error {
107- oldConvenience , newConvenience := diff .GetChange ("source_disk_encryption_key_raw" )
108- oldNewField , newNewField := diff .GetChange ("source_disk_encryption_key.0.raw_key" )
109-
110- // Either field has a value and then has another value
111- // We need to handle _EVERY_ ForceNew case in this diff
112- if oldConvenience != "" && newConvenience != "" && oldConvenience != newConvenience {
113- return diff .ForceNew ("source_disk_encryption_key_raw" )
114- }
115-
116- if oldNewField != "" && newNewField != "" && oldNewField != newNewField {
117- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
118- }
119-
120- // Our resource isn't using either field, then uses one;
121- // ForceNew on whichever one is now using it.
122- if (oldConvenience == "" && oldNewField == "" && newConvenience != "" ) || (oldConvenience == "" && oldNewField == "" && newNewField != "" ) {
123- if oldConvenience == "" && newConvenience != "" {
124- return diff .ForceNew ("source_disk_encryption_key_raw" )
125- } else {
126- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
127- }
128- }
129-
130- // convenience no longer used
131- if oldConvenience != "" && newConvenience == "" {
132- if newNewField == "" {
133- // convenience is being nulled, and the new field is empty as well
134- // we've stopped using the field altogether
135- return diff .ForceNew ("source_disk_encryption_key_raw" )
136- } else if oldConvenience != newNewField {
137- // convenience is being nulled, and the new field has a new value
138- // so we ForceNew on either field
139- return diff .ForceNew ("source_disk_encryption_key_raw" )
140- } else {
141- // If we reach it here, we're using the same value in the new field as we had in the convenience field
142- }
143- }
144-
145- // new no longer used
146- if oldNewField != "" && newNewField == "" {
147- if newConvenience == "" {
148- // new field is being nulled, and the convenience field is empty as well
149- // we've stopped using the field altogether
150- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
151- } else if newConvenience != oldNewField {
152- // new is being nulled, and the convenience field has a new value
153- // so we ForceNew on either field
154- return diff .ForceNew ("source_disk_encryption_key.0.raw_key" )
155- } else {
156- // If we reach it here, we're using the same value in the convenience field as we had in the new field
157- }
158- }
159-
160- return nil
161- }
162-
16328func resourceComputeSnapshot () * schema.Resource {
16429 return & schema.Resource {
16530 Create : resourceComputeSnapshotCreate ,
@@ -176,10 +41,6 @@ func resourceComputeSnapshot() *schema.Resource {
17641 Update : schema .DefaultTimeout (300 * time .Second ),
17742 Delete : schema .DefaultTimeout (300 * time .Second ),
17843 },
179- CustomizeDiff : customdiff .All (
180- customDiffComputeSnapshotSnapshotEncryptionKeys ,
181- customDiffComputeSnapshotSourceDiskEncryptionKeys ,
182- ),
18344
18445 Schema : map [string ]* schema.Schema {
18546 "name" : {
@@ -205,14 +66,15 @@ func resourceComputeSnapshot() *schema.Resource {
20566 },
20667 "snapshot_encryption_key" : {
20768 Type : schema .TypeList ,
208- Computed : true ,
20969 Optional : true ,
70+ ForceNew : true ,
21071 MaxItems : 1 ,
21172 Elem : & schema.Resource {
21273 Schema : map [string ]* schema.Schema {
21374 "raw_key" : {
21475 Type : schema .TypeString ,
21576 Optional : true ,
77+ ForceNew : true ,
21678 Sensitive : true ,
21779 },
21880 "sha256" : {
@@ -225,12 +87,14 @@ func resourceComputeSnapshot() *schema.Resource {
22587 "source_disk_encryption_key" : {
22688 Type : schema .TypeList ,
22789 Optional : true ,
90+ ForceNew : true ,
22891 MaxItems : 1 ,
22992 Elem : & schema.Resource {
23093 Schema : map [string ]* schema.Schema {
23194 "raw_key" : {
23295 Type : schema .TypeString ,
23396 Optional : true ,
97+ ForceNew : true ,
23498 Sensitive : true ,
23599 },
236100 },
@@ -277,29 +141,29 @@ func resourceComputeSnapshot() *schema.Resource {
277141 },
278142
279143 "snapshot_encryption_key_raw" : {
280- Type : schema .TypeString ,
281- Optional : true ,
282- Sensitive : true ,
283- Deprecated : "Use snapshot_encryption_key.raw_key instead." ,
144+ Type : schema .TypeString ,
145+ Optional : true ,
146+ Sensitive : true ,
147+ Removed : "Use snapshot_encryption_key.raw_key instead." ,
284148 },
285149
286150 "snapshot_encryption_key_sha256" : {
287- Type : schema .TypeString ,
288- Computed : true ,
289- Deprecated : "Use snapshot_encryption_key.sha256 instead." ,
151+ Type : schema .TypeString ,
152+ Computed : true ,
153+ Removed : "Use snapshot_encryption_key.sha256 instead." ,
290154 },
291155
292156 "source_disk_encryption_key_raw" : {
293- Type : schema .TypeString ,
294- Optional : true ,
295- Sensitive : true ,
296- Deprecated : "Use source_disk_encryption_key.raw_key instead." ,
157+ Type : schema .TypeString ,
158+ Optional : true ,
159+ Sensitive : true ,
160+ Removed : "Use source_disk_encryption_key.raw_key instead." ,
297161 },
298162
299163 "source_disk_encryption_key_sha256" : {
300- Type : schema .TypeString ,
301- Computed : true ,
302- Deprecated : "Use source_disk_encryption_key.sha256 instead." ,
164+ Type : schema .TypeString ,
165+ Computed : true ,
166+ Removed : "Use source_disk_encryption_key.sha256 instead." ,
303167 },
304168 "project" : {
305169 Type : schema .TypeString ,
@@ -712,47 +576,62 @@ func expandComputeSnapshotZone(v interface{}, d *schema.ResourceData, config *Co
712576
713577func expandComputeSnapshotSnapshotEncryptionKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
714578 l := v .([]interface {})
715- req := make ([]interface {}, 0 , 1 )
716- if len (l ) == 1 && l [0 ].(map [string ]interface {})["raw_key" ] != "" {
717- // There is a value
718- outMap := make (map [string ]interface {})
719- outMap ["rawKey" ] = l [0 ].(map [string ]interface {})["raw_key" ]
720- req = append (req , outMap )
721- } else {
722- // Check alternative setting?
723- if altV , ok := d .GetOk ("snapshot_encryption_key_raw" ); ok && altV != "" {
724- outMap := make (map [string ]interface {})
725- outMap ["rawKey" ] = altV
726- req = append (req , outMap )
727- }
579+ if len (l ) == 0 || l [0 ] == nil {
580+ return nil , nil
728581 }
729- return req , nil
582+ raw := l [0 ]
583+ original := raw .(map [string ]interface {})
584+ transformed := make (map [string ]interface {})
585+
586+ transformedRawKey , err := expandComputeSnapshotSnapshotEncryptionKeyRawKey (original ["raw_key" ], d , config )
587+ if err != nil {
588+ return nil , err
589+ } else if val := reflect .ValueOf (transformedRawKey ); val .IsValid () && ! isEmptyValue (val ) {
590+ transformed ["rawKey" ] = transformedRawKey
591+ }
592+
593+ transformedSha256 , err := expandComputeSnapshotSnapshotEncryptionKeySha256 (original ["sha256" ], d , config )
594+ if err != nil {
595+ return nil , err
596+ } else if val := reflect .ValueOf (transformedSha256 ); val .IsValid () && ! isEmptyValue (val ) {
597+ transformed ["sha256" ] = transformedSha256
598+ }
599+
600+ return transformed , nil
601+ }
602+
603+ func expandComputeSnapshotSnapshotEncryptionKeyRawKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
604+ return v , nil
605+ }
606+
607+ func expandComputeSnapshotSnapshotEncryptionKeySha256 (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
608+ return v , nil
730609}
731610
732611func expandComputeSnapshotSourceDiskEncryptionKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
733612 l := v .([]interface {})
734- req := make ([]interface {}, 0 , 1 )
735- if len (l ) == 1 {
736- // There is a value
737- outMap := make (map [string ]interface {})
738- outMap ["rawKey" ] = l [0 ].(map [string ]interface {})["raw_key" ]
739- req = append (req , outMap )
740- } else {
741- // Check alternative setting?
742- if altV , ok := d .GetOk ("source_disk_encryption_key_raw" ); ok && altV != "" {
743- outMap := make (map [string ]interface {})
744- outMap ["rawKey" ] = altV
745- req = append (req , outMap )
746- }
613+ if len (l ) == 0 || l [0 ] == nil {
614+ return nil , nil
747615 }
748- return req , nil
616+ raw := l [0 ]
617+ original := raw .(map [string ]interface {})
618+ transformed := make (map [string ]interface {})
619+
620+ transformedRawKey , err := expandComputeSnapshotSourceDiskEncryptionKeyRawKey (original ["raw_key" ], d , config )
621+ if err != nil {
622+ return nil , err
623+ } else if val := reflect .ValueOf (transformedRawKey ); val .IsValid () && ! isEmptyValue (val ) {
624+ transformed ["rawKey" ] = transformedRawKey
625+ }
626+
627+ return transformed , nil
628+ }
629+
630+ func expandComputeSnapshotSourceDiskEncryptionKeyRawKey (v interface {}, d * schema.ResourceData , config * Config ) (interface {}, error ) {
631+ return v , nil
749632}
750633
751634func resourceComputeSnapshotDecoder (d * schema.ResourceData , meta interface {}, res map [string ]interface {}) (map [string ]interface {}, error ) {
752635 d .Set ("source_disk_link" , ConvertSelfLinkToV1 (res ["sourceDisk" ].(string )))
753- if snapshotEncryptionKey := res ["snapshotEncryptionKey" ]; snapshotEncryptionKey != nil {
754- d .Set ("snapshot_encryption_key_sha256" , snapshotEncryptionKey .((map [string ]interface {}))["sha256" ])
755- }
756-
757636 return res , nil
758637}
0 commit comments