secretmanager: ephemeral support for google_secret_manager_secret_version
#14700
Conversation
modular-magician
added
the
awaiting-approval
|
@BBBmau Tagging for visibility since you implemented all the other ephemeral resources. Tests: Couldn't really find a lot of testing utilities around ephemeral resources, so decided to also do some manual testing. For manual testing I used the following config: locals {
project_id = "my-project-id"
}
provider "google" {
project = local.project_id
}
resource "google_secret_manager_secret" "secret" {
secret_id = "test-ephemeral-secret"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "version" {
secret = google_secret_manager_secret.secret.id
secret_data = "foo"
}
ephemeral "google_secret_manager_secret_version" "ephemeral" {
secret = google_secret_manager_secret_version.version.secret
version = google_secret_manager_secret_version.version.version
}
resource "google_secret_manager_secret_version" "version_two_based_on_ephemeral" {
# This resource is used to test that the ephemeral secret can be used in a resource that uses it's value
secret = google_secret_manager_secret.secret.id
secret_data_wo = ephemeral.google_secret_manager_secret_version.ephemeral.secret_data
secret_data_wo_version = "1"
}And I can make the second secret version based upon the ephemeral output of the first secret version. 
Logs: EDIT: Made some changes to the testing set-up in 77dcd03, so ran tests again: |
|
Hello! I am a robot. Tests will require approval from a repository maintainer to run. Googlers: For automatic test runs see go/terraform-auto-test-runs. @SirGitsalot, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally. |
|
Reassigning to a reviewer knowledgable with ephemeral resources |
|
@SirGitsalot This PR has been waiting for review for 3 weekdays. Please take a look! Use the label |
|
@GoogleCloudPlatform/terraform-team @SirGitsalot This PR has been waiting for review for 1 week. Please take a look! Use the label |
ramonvermeulen
force-pushed
the
ramon/20516-ephemeral-support-secret-manager-secret-version
branch
from
8d381ad to
65fe64f
Compare
|
@GoogleCloudPlatform/terraform-team @SirGitsalot This PR has been waiting for review for 2 weeks. Please take a look! Use the label |
|
Hi @BBBmau Do you maybe have time somewhere within the next weeks to take a look at this PR as well? I know the original issue has quite a high demand so just tagging as a friendly reminder. |
modular-magician
removed
the
awaiting-approval
Tests analyticsTotal tests: 5059 Click here to see the affected service packages
Action takenFound 6 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🟢 Tests passed during RECORDING mode: 🔴 Tests failed when rerunning REPLAYING mode: Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made. Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
ramonvermeulen
force-pushed
the
ramon/20516-ephemeral-support-secret-manager-secret-version
branch
from
65fe64f to
e1d5f11
Compare
Just ran the tests locally one more time because I saw the failures in VCR: Weirdly I don't run into any issues locally, could you share the VCR logs? |
modular-magician
added
the
awaiting-approval
|
/gcbrun |
modular-magician
removed
the
awaiting-approval
=== RUN TestAccEphemeralSecretManagerSecretVersion_base64
=== PAUSE TestAccEphemeralSecretManagerSecretVersion_base64
=== CONT TestAccEphemeralSecretManagerSecretVersion_base64
test_utils.go:126: no cassette found on disk for TestAccEphemeralSecretManagerSecretVersion_base64, please replay this testcase in recording mode - open /workspace/.ci/magician/cassettes/beta/TestAccEphemeralSecretManagerSecretVersion_base64.seed: no such file or directory
--- FAIL: TestAccEphemeralSecretManagerSecretVersion_base64 (0.00s)is this something that we can look into? @melinath |
Tests analyticsTotal tests: 5072 Click here to see the affected service packages
Action takenFound 9 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🟢 Tests passed during RECORDING mode: 🔴 Tests failed when rerunning REPLAYING mode: Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made. Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
@GoogleCloudPlatform/terraform-team @SirGitsalot This PR has been waiting for review for 3 weeks. Please take a look! Use the label |
ramonvermeulen
force-pushed
the
ramon/20516-ephemeral-support-secret-manager-secret-version
branch
from
e1d5f11 to
6dc03eb
Compare
modular-magician
added
the
awaiting-approval
|
Small update on this, just rebased and reran tests: |
modular-magician
removed
the
awaiting-approval
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 5495 Click here to see the affected service packages
Action takenFound 40 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🟢 Tests passed during RECORDING mode: 🔴 Tests failed when rerunning REPLAYING mode: Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made. Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer. 🔴 Tests failed during RECORDING mode: 🔴 Several tests terminated during RECORDING mode. 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
@GoogleCloudPlatform/terraform-team @SirGitsalot This PR has been waiting for review for 4 weeks. Please take a look! Use the label |
ramonvermeulen
force-pushed
the
ramon/20516-ephemeral-support-secret-manager-secret-version
branch
from
6dc03eb to
1f240c7
Compare
modular-magician
added
the
awaiting-approval
…ger_secret_version`
ramonvermeulen
force-pushed
the
ramon/20516-ephemeral-support-secret-manager-secret-version
branch
from
1f240c7 to
3d46ebc
Compare
|
@GoogleCloudPlatform/terraform-team @SirGitsalot This PR has been waiting for review for 5 weeks. Please take a look! Use the label |
|
Hey @BBBmau, would it be possible to get this reviewed? This resource is quite important to the community since it completes the ephemeral lifecycle for secrets in GCP. Is there anything @ramonvermeulen or I can do to help move this forward? Thanks! |
I would be pretty happy to help too! |
Closes hashicorp/terraform-provider-google#20516
For reference:
Hashicorp docs on ephemeral resources:
https://developer.hashicorp.com/terraform/plugin/framework/ephemeral-resources
Implementation of the original couple of ephemeral resources:
#12469
Release Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.