Open lennykean opened 2 months ago
rileykarson
commented
2 months ago Note: We added this to the google_redis_instance resource directly, but got feedback that some users would have preferred it be added separately, to avoid having secrets in state in the general case. We could consider using that approach here, using a datasource instead.
lennykean
commented
2 months ago I'm not sure why the ca certs would be secrets. As far as I know, they don't expose the private keys
pprommer
commented
1 month ago I'm not sure why the ca certs would be secrets. As far as I know, they don't expose the private keys
I agree. There are no secrets involved here as the private keys are not exposed.
Note: We added this to the
google_redis_instanceresource directly, but got feedback that some users would have preferred it be added separately, to avoid having secrets in state in the general case. We could consider using that approach here, using a datasource instead.
Having a data source to retrieve information about the cluster would be great since I'm sure it would be useful, but if the google_redis_cluster resource just returned the outputs required like google_redis_instance does then that you get everything you need without having to do another step. Consistency is king.
rileykarson
commented
1 month ago Cool- overabundance of caution on my part it seems, thanks for the input, folks!
imrannayer
commented
1 week ago
Community Note
Description
Redis cluster resources should provide a computed attribute for
server_ca_certssimilar to redis instance resources, which is available in the Memorystore REST APINew or Affected Resource(s)
Potential Terraform Configuration
References
https://cloud.google.com/memorystore/docs/cluster/reference/rest/v1/projects.locations.clusters/getCertificateAuthority
b/337873086