search

chronark / terraform-provider-vercel

A terraform provider for vercel's hosting platform
ff789693-5a72-142e-e45d-326ead4ae7a4.vercel.app
Mozilla Public License 2.0
25 stars 9 forks source link

Improve support for vercel_env type "encrypted" #53

Open marklawlor opened 2 years ago

marklawlor commented 2 years ago

While not documented by this repo, you can successfully create a vercel_env with type encrypted.

However, these resources will always have changes applied to them. It would be great if support for type = "encrypted" was improved, as Vercel is planning to deprecate secrets https://vercel.com/docs/rest-api#endpoints/secrets

Terraform Version

Terraform v1.0.11 on linux_amd64

Affected Resource(s)

Terraform Configuration Files

resource "vercel_project" "test" {
  name = "test"

  git_repository {
    type = "github"
    repo = "marklawlor/test"
  }

  framework     = "nextjs"
}

resource "vercel_env" "test" {
  project_id = vercel_project.test.id
  type       = "encrypted"
  key        = "test"
  value      = random_password.test.result
  target     = ["production"]
}

resource "random_password" "test" {
  length  = 16
  special = true
}

Expected Behavior

Should detect no changes when running terraform apply multiple times

Actual Behavior

  ~ resource "vercel_env" "test" {
        id         = "RiZ1UbFy3BbC6x3m"
      ~ key        = "" -> "test"
      ~ target     = [
          + "production",
        ]
      ~ type       = "" -> "encrypted"
      # Warning: this attribute value will no longer be marked as sensitive
      # after applying this change.
      ~ value      = (sensitive) -> (known after apply)
        # (3 unchanged attributes hidden)
    }
chronark commented 2 years ago

Hey @marklawlor Yes we should move towards the new method of creating variables where you don't have to specify whether they are encrypted or not. I just haven't found the time to do it yet but it's bugging me too :)

GuiSim commented 2 years ago

I can't get env to work

resource "vercel_env" "test" {
  project_id = vercel_project.my_app.id
  type       = "encrypted"
  key        = "hello"
  value      = "world"
  target     = ["production", "preview", "development"]
}

results in

│ Error: Unable to request resource: [POST] /v6/projects/prj_rHBY7I2r7kDvDjkQu7w6XRXXXXXu/env with payload {}: Error during http request: map[error:map[code:NOT_FOUND]]
│ 
│   with vercel_env.test,
│   on main.tf line 62, in resource "vercel_env" "test":
│   62: resource "vercel_env" "test" {

I initially thought this was caused by the v6 API being deprecated but I can't find any reference to that in Vercel's changelog.

I'm surprised to see you got it to work @marklawlor I doubt something changed in 7 days but I still thought I'd share this in case anybody else encounters the same issue with vercel_env

marklawlor commented 2 years ago

@GuiSim I just successfully deployed a test project with this exact config

terraform {
  required_version = ">= 1.0.11"

  required_providers {
    vercel = {
      source  = "registry.terraform.io/chronark/vercel"
      version = "0.14.2"
    }
  }
}

provider "vercel" {
  token = "<my-api-token>"
}

resource "vercel_project" "test" {
  name = "test2"

  git_repository {
    type = "github"
    repo = "<my-repo>"
  }

  framework     = "nextjs"
}

resource "vercel_env" "test" {
  project_id = vercel_project.test.id
  type       = "encrypted"
  key        = "test"
  value      = random_password.test.result
  target     = ["production"]
}

resource "random_password" "test" {
  length  = 16
  special = true
}

Maybe because I've only tested this with newly created projects? Or maybe a difference in version numbers?

marklawlor commented 2 years ago

Actually, I think I may know the cause of your issue and possibly this needs to be logged as another issue.

There seems to be a couple of edge cases that fail during an vercel_env replacement/deletion. Basically the env has been removed from vercel but terraform thinks it still exists. I don't have exact details as I never looked into it, but a couple of times I've needed to manually remove the vercel_env from state & vercel.com so I can apply the plan again.

GuiSim commented 2 years ago

Thank you @marklawlor

I apologize for hijacking this issue as I thought my problem was related. Turns out it was caused by a missing team_id on the vercel_env.

My suggestion would be to have the team_id settable directly on the provider config.

Now I need to figure out how to import vercel_env entries ;) Thank you for the help!

chronark commented 2 years ago

Yeah I actually want to change the way you add by including the env specification inside the project resource. That way you don't have to provide team and project every time. I'll hopefully have a few hours on Sunday to flesh it out

GuiSim commented 2 years ago

Thanks Andreas! All good on my end, I got everything to work now 😃

I did encounter a bug where 'encrypted' would encrypt twice but that seems to have resolved itself.

On Fri, Nov 26, 2021 at 2:27 PM Andreas Thomas @.***> wrote:

Yeah I actually want to change the way you add by including the env specification inside the project resource. That way you don't have to provide team and project every time. I'll hopefully have a few hours on Sunday to flesh it out

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/chronark/terraform-provider-vercel/issues/53#issuecomment-980337840, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAPIMBTZ7CKAJAJJCGO4YZ3UN7NQPANCNFSM5IIFXE2A .

-- Guillaume S.

chronark commented 2 years ago

Ok great to hear you got it working.