RavinderReddyF5 / terraform-provider-bigip-version0.12

Terraform resources that can configure F5 BIGIP products
Mozilla Public License 2.0

[CLOSED] Provider shows passwords in clear text when issuing terraform plan. #310

Open RavinderReddyF5 opened 3 years ago

RavinderReddyF5 commented 3 years ago

Issue by soumik612, Wednesday Apr 29, 2020 at 09:02 GMT. Originally opened as https://github.com/terraform-providers/terraform-provider-bigip/issues/279


While testing the client_ssl profile and postgre_sql monitor, I came across an issue wherein the SSL key and the PostgreSQL passwords are displayed in clear text.

E.g. this is what my PostgreSQL monitor looks like: image

Once the resource has been applied on the F5, the associated state looks like this. (Password is hashed)

image

Consequently, even if there are no changes to the resource, when I issue Terraform plan, I get this message

image

EXPECTED SCENARIO: Since the resource has not been modified, the provider should not show it in the plan. Also, the provider compares the passphrase in the state file, matches it with the resource config, and concludes that the passphrase needs to be updated, which should not be the case.

RavinderReddyF5 commented 3 years ago

Comment by papineni87 Wednesday Apr 29, 2020 at 16:41 GMT


We can add the sensitive tag to the password attribute so that it won't be shown as clear text, but I am not sure about the diff in the password even though there is no change in it.

RavinderReddyF5 commented 3 years ago

Comment by papineni87 Friday May 29, 2020 at 09:57 GMT


@soumik612

It looks like a normal GET call on the BIG-IP monitor itself gives the encrypted password, so to avoid any state diff on the password variable we can add password to the ignore_changes block.

```hcl
resource "bigip_ltm_monitor" "test_postgres" {
  name     = "/Common/test_postgres"
  parent   = "/Common/postgresql"
  username = "sql-tester"
  password = "abcd123"
  database = "postgre"

  lifecycle {
    ignore_changes = [
      password
    ]
  }
}
```

RavinderReddyF5 commented 3 years ago

Comment by papineni87 Sunday Jun 14, 2020 at 16:27 GMT


Fixed in v1.2.1. If the issue seems to persist, please reopen the bug.
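A CI-style check for both symptoms reported in this thread (a secret attribute that the provider does not mark sensitive, and an update diff caused by the device returning an encrypted value), written as an added example that is not part of the original issue or the provider's code. It reads the JSON produced by `terraform show -json <planfile>`; the attribute-name list, the sample plan and the second resource name are constructed assumptions, and only top-level attributes are inspected.

```python
import json

# Attribute names treated as secrets (assumption; extend for your providers).
SECRET_NAMES = {"password", "passphrase", "key", "secret"}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "bigip_ltm_monitor.test_postgres", "change": {
        "actions": ["update"],
        "before": {"name": "/Common/test_postgres", "password": "ENCRYPTED-PLACEHOLDER"},
        "after": {"name": "/Common/test_postgres", "password": "abcd123"},
        "after_sensitive": {}}},
    {"address": "bigip_ltm_monitor.masked_example", "change": {
        "actions": ["no-op"],
        "before": {"password": "constructed-value"},
        "after": {"password": "constructed-value"},
        "after_sensitive": {"password": True}}},
]})


def find_exposed_secrets(plan_json):
    """Return (address, attribute, reason) tuples for secret-like attributes."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        before = change.get("before") or {}
        after = change.get("after") or {}
        masked = change.get("after_sensitive") or {}
        if not isinstance(masked, dict):
            masked = {}
        for attr, value in after.items():
            if attr.lower() not in SECRET_NAMES or not isinstance(value, str) or not value:
                continue
            # Without the sensitive flag, `terraform plan` prints the value as-is.
            if masked.get(attr) is not True:
                findings.append((rc["address"], attr, "not marked sensitive"))
            # Config value never equals what the device stored: perpetual diff.
            if "update" in change.get("actions", []) and before.get(attr) != value:
                findings.append((rc["address"], attr, "state value differs from config"))
    return findings


if __name__ == "__main__":
    for address, attr, reason in find_exposed_secrets(SAMPLE_PLAN):
        print(f"{address}.{attr}: {reason}")
```

The JSON form of a plan carries attribute values in plain text even when they are masked in the human-readable plan, so the plan file itself should be handled as a secret.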