From 73b354bc4ba19d058ffed7fb2a6b7f29967e7406 Mon Sep 17 00:00:00 2001 From: Aleksandr Skoriy Date: Thu, 5 Aug 2021 16:43:05 +0300 Subject: [PATCH] feat: Separate sensitive config to not display by terraform Added `config_sensitive` map input for hide sensitive data by terraform `config` and `config_sensitive` maps are joined together before query Confluent cloud API --- ccloud/resource_connector.go | 17 ++++++++++++++++- docs/resources/connector.md | 3 ++- examples/connector/main.tf | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 examples/connector/main.tf diff --git a/ccloud/resource_connector.go b/ccloud/resource_connector.go index e2b85cd..e71c6a7 100644 --- a/ccloud/resource_connector.go +++ b/ccloud/resource_connector.go @@ -60,7 +60,7 @@ func connectorResource() *schema.Resource { Type: schema.TypeMap, Required: true, ForceNew: false, - Description: "Type-specific Configuration of cluster. String keys and values", + Description: "Type-specific Configuration of connector. String keys and values", DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { // ignore common auto-generated config fields for _, ik := range ignoreConnectorConfigs() { @@ -82,6 +82,13 @@ func connectorResource() *schema.Resource { return false }, }, + "config_sensitive": { + Type: schema.TypeMap, + Optional: true, + ForceNew: false, + Sensitive: true, + Description: "Sensitive part of connector configuration. String keys and values", + }, }, } } @@ -91,6 +98,7 @@ func connectorUpdate(_ context.Context, d *schema.ResourceData, meta interface{} name := d.Get("name").(string) config := d.Get("config").(map[string]interface{}) + configSensitive := d.Get("config_sensitive").(map[string]interface{}) accountID := d.Get("environment_id").(string) clusterID := d.Get("cluster_id").(string) @@ -99,6 +107,9 @@ func connectorUpdate(_ context.Context, d *schema.ResourceData, meta interface{} for key, value := range config { configStrings[key] = value.(string) } + for key, value := range configSensitive { + configStrings[key] = value.(string) + } _, err := c.UpdateConnectorConfig(accountID, clusterID, name, configStrings) d.SetId(name) @@ -117,6 +128,7 @@ func connectorCreate(ctx context.Context, d *schema.ResourceData, meta interface name := d.Get("name").(string) config := d.Get("config").(map[string]interface{}) + configSensitive := d.Get("config_sensitive").(map[string]interface{}) accountID := d.Get("environment_id").(string) clusterID := d.Get("cluster_id").(string) @@ -125,6 +137,9 @@ func connectorCreate(ctx context.Context, d *schema.ResourceData, meta interface for key, value := range config { configStrings[key] = value.(string) } + for key, value := range configSensitive { + configStrings[key] = value.(string) + } return diag.FromErr(resource.RetryContext(ctx, d.Timeout(schema.TimeoutCreate), func() *resource.RetryError { _, err := c.CreateConnector(accountID, clusterID, name, configStrings) diff --git a/docs/resources/connector.md b/docs/resources/connector.md index a4177c0..f382e61 100644 --- a/docs/resources/connector.md +++ b/docs/resources/connector.md @@ -16,12 +16,13 @@ description: |- ### Required - **cluster_id** (String) ID of containing cluster, e.g. lkc-abc123 -- **config** (Map of String) Type-specific Configuration of cluster. String keys and values +- **config** (Map of String) Type-specific Configuration of connector. String keys and values - **environment_id** (String) ID of containing environment, e.g. env-abc123 - **name** (String) The name of the connector ### Optional +- **config_sensitive** (Map of String) Sensitive part of connector configuration. String keys and values - **id** (String) The ID of this resource. - **timeouts** (Block, Optional) (see [below for nested schema](#nestedblock--timeouts)) diff --git a/examples/connector/main.tf b/examples/connector/main.tf new file mode 100644 index 0000000..23bc4f9 --- /dev/null +++ b/examples/connector/main.tf @@ -0,0 +1,36 @@ +terraform { + required_providers { + kafka = { + source = "Mongey/kafka" + version = "0.2.11" + } + confluentcloud = { + source = "Mongey/confluentcloud" + } + } +} + +provider "confluentcloud" {} + +resource "confluentcloud_connector" "connector" { + name = "pubsub-kafka-connector" + environment_id = "env-ab123" + cluster_id = "lkc-cd456" + config = { + "name" = "pubsub-kafka-connector" + "connector.class" = "PubSubSource" + "kafka.topic" = "kafka-topic1" + "gcp.pubsub.project.id" = "project-1234" + "gcp.pubsub.subscription.id" = "topic1-subscription1" + "gcp.pubsub.topic.id" = "topic1" + "gcp.pubsub.max.retry.time" = "5" + "gcp.pubsub.message.max.count" = "1000" + "errors.tolerance" = "all" + "tasks.max" = "1" + } + config_sensitive = { + "kafka.api.key" = <> + "kafka.api.secret" = <> + "gcp.pubsub.credentials.json" = < + } +}