DrFaust92 / terraform-provider-bitbucket

Terraform Bitbucket Cloud provider.
https://registry.terraform.io/providers/drfaust92/bitbucket
Mozilla Public License 2.0

"only updating secured variables if the value has changed in terraform" #20

Closed dennislapchenko closed 2 years ago

dennislapchenko commented 2 years ago

Running plans on secured pipelines and deployment variables is a known bugger: since the sensitive value is not stored in state, all values are to be updated on every apply. The same was described in aeirola's fork, alongside some thoughts and investigations, as well as a complete PR for a solution.

https://github.com/aeirola/terraform-provider-bitbucket/pull/2

There is an obvious drawback in this solution, as manual changes would force state to be unknowingly stale. BUT if org permissions are regulated properly, this is out of the question. Would love to see this PR released on this fork.

Also thanks for keeping it active ❤️

DrFaust92 commented 2 years ago

Hi @dennislapchenko, I'll look into it :D

toriath commented 2 years ago

I've pulled the changes from aeirola#2 into our fork, replaced the md5-hash with a sha256 and added an additional parameter to toggle the new behavior.

Here's a PR: #24

a0s commented 2 years ago

I tested it and got tons of "bitbucket_deployment_variable will be updated in-place" with "+ always_override = true". I believe that it should be false by default. Also, the empty always_override should be false too. IMO, the merged PR should not create a change-storm.
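The trade-off discussed in this thread, as an added example that is not code from the provider or from either PR: a SHA-256 of the secured value kept in state decides whether to write, and an always_override toggle restores write-on-every-apply. The `securedVar` type, the `apply` and `scenario` functions, the sample values and the map standing in for Bitbucket are all hypothetical.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Hypothetical model (not the provider's schema) of one secured variable.
type securedVar struct {
	Value          string // value from the Terraform configuration
	StateHash      string // SHA-256 of the value last written, kept in state
	AlwaysOverride bool   // toggle named in the thread: true writes on every apply
}

func hashValue(v string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(v))) }

// needsUpdate uses only config and state: the API never returns a secured value.
func needsUpdate(v securedVar) bool {
	return v.AlwaysOverride || v.StateHash != hashValue(v.Value)
}

// apply writes changed variables to remote and reports how many it updated.
func apply(vars map[string]*securedVar, remote map[string]string) int {
	updated := 0
	for key, v := range vars {
		if needsUpdate(*v) {
			remote[key] = v.Value
			v.StateHash = hashValue(v.Value)
			updated++
		}
	}
	return updated
}

// scenario runs three applies over constructed values, with a manual remote
// edit before the third, and reports update counts and whether remote is stale.
func scenario(alwaysOverride bool) (first, second, third int, stale bool) {
	vars := map[string]*securedVar{
		"DB_PASSWORD": {Value: "constructed-secret-1", AlwaysOverride: alwaysOverride},
		"API_TOKEN":   {Value: "constructed-secret-2", AlwaysOverride: alwaysOverride},
	}
	remote := map[string]string{}
	first = apply(vars, remote)
	second = apply(vars, remote)
	remote["API_TOKEN"] = "edited-by-hand" // change made outside Terraform
	third = apply(vars, remote)
	stale = remote["API_TOKEN"] != vars["API_TOKEN"].Value
	return
}

func main() { fmt.Println(scenario(false)); fmt.Println(scenario(true)) }
```

The stored digest is unsalted, so anyone who can read the state file can test guesses for a low-entropy value offline.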