Dont allow password change via tf apply (#70)

* Don't allow password change via tf apply * Bump Terraform Boundary provider version to v1.0.0
hashicorp · Jan 20, 2021 · d94cd5a · d94cd5a
1 parent 187d81d
commit d94cd5a
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,18 @@
+## 1.0.0 (Unreleased)
+
+We are bumping the version of the Boundary Terraform provider to v1.0.0 and will release new versions of the provider at its own cadence instead of keeping it in lockstep with Boundary.
+
+### Bug Fixes
+
+* During `terraform apply`, do not update existing user account passwords when the password field is updated in the tf file.
+  ([Issue](https://github.com/hashicorp/terraform-provider-boundary/issues/71))
+  ([PR](https://github.com/hashicorp/terraform-provider-boundary/pull/70))
+
 ## 0.1.4 (January 14, 2021)
 
-Boundary 0.1.4 release ([see boundary changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md#014-20210105))
+### New and Improved
+
+Update to the Boundary Go SDK v0.0.3
 
 ## 0.1.0 (October 14, 2020)
 

diff --git a/docs/resources/account.md b/docs/resources/account.md
@@ -47,7 +47,7 @@ resource "boundary_account" "jeff" {
 - **description** (String) The account description.
 - **login_name** (String) The login name for this account.
 - **name** (String) The account name. Defaults to the resource name.
-- **password** (String) The account password.
+- **password** (String) The account password. Only set on create, changes will not be reflected when updating account.
 
 ### Read-only
 

diff --git a/internal/provider/resource_account.go b/internal/provider/resource_account.go
@@ -62,9 +62,16 @@ func resourceAccount() *schema.Resource {
 				Optional:    true,
 			},
 			accountPasswordKey: {
-				Description: "The account password.",
+				Description: "The account password. Only set on create, changes will not be reflected when updating account.",
 				Type:        schema.TypeString,
 				Optional:    true,
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					if d.Id() == "" {
+						// This is a new resource do not suppress password diff
+						return false
+					}
+					return true
+				},
 			},
 		},
 	}
@@ -222,22 +229,6 @@ func resourceAccountUpdate(ctx context.Context, d *schema.ResourceData, meta int
 		}
 	}
 
-	var password *string
-	if d.HasChange(accountPasswordKey) {
-		switch d.Get(TypeKey).(string) {
-		case accountTypePassword:
-			opts = append(opts, accounts.DefaultPasswordAccountPassword())
-			keyVal, ok := d.GetOk(accountPasswordKey)
-			if ok {
-				keyStr := keyVal.(string)
-				password = &keyStr
-				opts = append(opts, accounts.WithPasswordAccountPassword(keyStr))
-			}
-		default:
-			return diag.Errorf(`"password" cannot be used with this type of account`)
-		}
-	}
-
 	if len(opts) > 0 {
 		opts = append(opts, accounts.WithAutomaticVersioning(true))
 		_, err := aClient.Update(ctx, d.Id(), 0, opts...)
@@ -255,9 +246,6 @@ func resourceAccountUpdate(ctx context.Context, d *schema.ResourceData, meta int
 	if d.HasChange(accountLoginNameKey) {
 		d.Set(accountLoginNameKey, loginName)
 	}
-	if d.HasChange(accountPasswordKey) {
-		d.Set(accountPasswordKey, password)
-	}
 
 	return nil
 }