Open lennykean opened 2 months ago
Note: We added this to the google_redis_instance
resource directly, but got feedback that some users would have preferred it be added separately, to avoid having secrets in state in the general case. We could consider using that approach here, using a datasource instead.
I'm not sure why the ca certs would be secrets. As far as I know, they don't expose the private keys
I'm not sure why the ca certs would be secrets. As far as I know, they don't expose the private keys
I agree. There are no secrets involved here as the private keys are not exposed.
Note: We added this to the
google_redis_instance
resource directly, but got feedback that some users would have preferred it be added separately, to avoid having secrets in state in the general case. We could consider using that approach here, using a datasource instead.
Having a data source to retrieve information about the cluster would be great since I'm sure it would be useful, but if the google_redis_cluster
resource just returned the outputs required like google_redis_instance
does then that you get everything you need without having to do another step. Consistency is king.
Cool- overabundance of caution on my part it seems, thanks for the input, folks!
Community Note
Description
Redis cluster resources should provide a computed attribute for
server_ca_certs
similar to redis instance resources, which is available in the Memorystore REST APINew or Affected Resource(s)
Potential Terraform Configuration
References
https://cloud.google.com/memorystore/docs/cluster/reference/rest/v1/projects.locations.clusters/getCertificateAuthority
b/337873086