hashicorp / terraform-provider-vsphere

Terraform Provider for VMware vSphere
https://registry.terraform.io/providers/hashicorp/vsphere/
Mozilla Public License 2.0

Passwords specified in `vapp` section of vm resource cause non-empty diff #1992

Open annakhm opened 1 year ago

annakhm commented 1 year ago

Community Guidelines

Terraform

v1.5.3

Terraform Provider

v2.4.1

VMware vSphere

7.0.3

Description

When creating a VM specifying the nsx_passwd_0 and nsx_cli_passwd_0 properties, a subsequent plan/apply (with no changes introduced) causes a non-empty diff:

  # vsphere_virtual_machine.nsx-vm[0] will be updated in-place
  ~ resource "vsphere_virtual_machine" "nsx-vm" {
        id                                      = "420c2752-20b3-bbb9-bc52-6c189c18a23d"
        name                                    = "anna-nsx-0"
        tags                                    = []
        # (69 unchanged attributes hidden)

      ~ vapp {
          ~ properties = {
              + "nsx_cli_passwd_0"      = "Password!23Test"
              + "nsx_passwd_0"          = "Password!23Test"
                # (8 unchanged elements hidden)
            }
        }

        # (4 unchanged blocks hidden)
    }

Affected Resources or Data Sources

resource/vsphere_virtual_machine

Terraform Configuration

data "vsphere_datacenter" "datacenter" {
  name = "Datacenter"
}

data "vsphere_datastore" "datastore" {
  name          = "datastore1 (1)"
  datacenter_id = data.vsphere_datacenter.datacenter.id
}

data "vsphere_compute_cluster" "cluster" {
  name          = "Cluster2"
  datacenter_id = data.vsphere_datacenter.datacenter.id
}

data "vsphere_network" "network" {
  name          = "VM Network 2"
  datacenter_id = data.vsphere_datacenter.datacenter.id
}

data "vsphere_host" "host" {
  name          = "sc2-nsx-perf-server162.eng.vmware.com"
  datacenter_id = data.vsphere_datacenter.datacenter.id
}

resource "vsphere_virtual_machine" "nsx-vm" {
  count                      = 3
  name                       = "anna-nsx-${count.index}"
  datacenter_id              = data.vsphere_datacenter.datacenter.id
  resource_pool_id           = data.vsphere_compute_cluster.cluster.resource_pool_id
  datastore_id               = data.vsphere_datastore.datastore.id
  host_system_id             = data.vsphere_host.host.id
  num_cpus                   = 4
  memory                     = 16384
  wait_for_guest_net_timeout = 0
  wait_for_guest_ip_timeout  = 0
  network_interface {
    network_id = data.vsphere_network.network.id
  }

  ovf_deploy {
    allow_unverified_ssl_cert = true
    remote_ovf_url            = "<URL>"
    disk_provisioning         = "thin"
    ip_protocol               = "IPv4"
    ovf_network_map = {
      "Network 1" = data.vsphere_network.network.id
    }
  }

  vapp {
    properties = {
      "nsx_hostname"          = "anna-nsx-${count.index}"
      "nsx_ip_0"              = "192.168.240.2${count.index}"
      "nsx_netmask_0"         = "255.255.255.0"
      "nsx_gateway_0"         = "192.168.240.1"
      "nsx_dns1_0"            = "192.168.240.1"
      "nsx_ntp_0"             = "pool.ntp.org"
      "nsx_passwd_0"          = "Password!23Test"
      "nsx_isSSHEnabled"      = "True"
      "nsx_cli_passwd_0"      = "Password!23Test"
      "nsx_allowSSHRootLogin" = "True"
    }
  }
}

Debug Output

https://gist.github.com/annakhm/46fc2cddb1f7438814146f5fa5402647

Panic Output

No response

Expected Behavior

Since no changes were introduced, the diff should be empty.

Actual Behavior

Non-empty diff; upon apply, the VM is updated.

I understand passwords are sensitive and, as such, are not sent back in the API, but this should not cause a diff in the resource.

Steps to Reproduce

  1. Apply the configuration specified above
  2. Run terraform plan

Environment Details

No response

Screenshots

No response

References

No response
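
A possible workaround for the configuration in this issue, as an added example that is not part of the original post or the provider's own code: it uses Terraform's standard `lifecycle` `ignore_changes` argument so the password properties missing from the refreshed state stop producing a diff, and a `sensitive` input variable so the password is redacted in plan output. The variable name `nsx_password` is hypothetical, the data sources are assumed to be declared as in the issue's configuration, and the behaviour against provider v2.4.1 is an assumption.

```hcl
# Added example, not from the issue. var.nsx_password is a hypothetical name;
# the data sources are the ones declared in the issue's configuration.
variable "nsx_password" {
  type      = string
  sensitive = true # rendered as (sensitive value) in plan/apply output
}

resource "vsphere_virtual_machine" "nsx-vm" {
  count                      = 3
  name                       = "anna-nsx-${count.index}"
  datacenter_id              = data.vsphere_datacenter.datacenter.id
  resource_pool_id           = data.vsphere_compute_cluster.cluster.resource_pool_id
  datastore_id               = data.vsphere_datastore.datastore.id
  host_system_id             = data.vsphere_host.host.id
  num_cpus                   = 4
  memory                     = 16384
  wait_for_guest_net_timeout = 0
  wait_for_guest_ip_timeout  = 0
  network_interface {
    network_id = data.vsphere_network.network.id
  }
  ovf_deploy {
    allow_unverified_ssl_cert = true
    remote_ovf_url            = "<URL>"
    disk_provisioning         = "thin"
    ip_protocol               = "IPv4"
    ovf_network_map = {
      "Network 1" = data.vsphere_network.network.id
    }
  }
  vapp {
    properties = {
      "nsx_hostname"          = "anna-nsx-${count.index}"
      "nsx_ip_0"              = "192.168.240.2${count.index}"
      "nsx_netmask_0"         = "255.255.255.0"
      "nsx_gateway_0"         = "192.168.240.1"
      "nsx_dns1_0"            = "192.168.240.1"
      "nsx_ntp_0"             = "pool.ntp.org"
      "nsx_passwd_0"          = var.nsx_password
      "nsx_isSSHEnabled"      = "True"
      "nsx_cli_passwd_0"      = var.nsx_password
      "nsx_allowSSHRootLogin" = "True"
    }
  }
  lifecycle {
    # Passwords are not read back from vSphere, so ignore the map after creation.
    ignore_changes = [vapp[0].properties]
  }
}
```

Because `ignore_changes` covers the whole `properties` map, later intentional edits to any vApp property are also ignored until the entry is removed.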

github-actions[bot] commented 1 year ago

Hello, annakhm! 🖐

Thank you for submitting an issue for this provider. The issue will now enter into the issue lifecycle.

If you want to contribute to this project, please review the contributing guidelines and information on submitting pull requests.