Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

resource_tailnet_key: handle 404 and discard invalid keys #287

Merged
merged 5 commits into from
Sep 25, 2023

Conversation

clstokes
Copy link
Collaborator

@clstokes clstokes commented Sep 12, 2023

What this PR does / why we need it:

  1. Changes the handling of 404 errors on Read / terraform refresh operations to treat all 404 errors as a deleted key. Previously only one-time keys (e.g not reusable) were treated as deleted and a 404 would fail the terraform operation with an error.
  2. Removes tailnet key from state during Read operation if invalid key property is true.

Which issue this PR fixes:

Fixes #144

Special notes for your reviewer:

Any concerns with using the time of the machine that is running Terraform to compare with expires_at returned by the Tailscale API?

@clstokes

This comment was marked as outdated.

tailscale/resource_tailnet_key.go Show resolved Hide resolved
tailscale/resource_tailnet_key.go Outdated Show resolved Hide resolved
@clstokes clstokes marked this pull request as draft September 20, 2023 20:46
@clstokes
Copy link
Collaborator Author

After internal discussion we're going to go a slightly different direction here that will require changes to the Tailscale API and /~https://github.com/tailscale/tailscale-client-go. I made this PR a draft and will come back to this once the upstream change are ready.

@clstokes
Copy link
Collaborator Author

Updated to use invalid key property per tailscale/tailscale-client-go#59.

go.mod will need to be updated once more once tailscale-client-go is released.

Copy link
Collaborator

@knyar knyar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've just made a new release that you can use here: /~https://github.com/tailscale/tailscale-client-go/releases/tag/v1.13.0

@clstokes clstokes marked this pull request as ready for review September 25, 2023 10:32
@clstokes clstokes changed the title resource_tailnet_key: handle 404 and discard expired keys resource_tailnet_key: handle 404 and discard invalid keys Sep 25, 2023
@clstokes clstokes merged commit 05c70b5 into main Sep 25, 2023
@clstokes clstokes deleted the clstokes/tailnet-key-read-404 branch September 25, 2023 10:46
knyar added a commit that referenced this pull request Dec 8, 2023
This change partially reverts the behaviour introduced in #287 that
currently results in single-use keys being recreated, triggering
unnecessary updates to downstream Terraform resources.

By default, the provider will now only recreate reusable keys, ignoring
invalid single-use keys. This can also be changed now using a new
`recreate_if_invalid` attribute.

Fixes #306

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this pull request Dec 8, 2023
This change partially reverts the behaviour introduced in #287 that
currently results in single-use keys being recreated, triggering
unnecessary updates to downstream Terraform resources.

By default, the provider will now only recreate reusable keys, ignoring
invalid single-use keys. This can also be changed now using a new
`recreate_if_invalid` attribute.

Fixes #306

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this pull request Dec 11, 2023
This change partially reverts the behaviour introduced in #287 that
currently results in single-use keys being recreated, triggering
unnecessary updates to downstream Terraform resources.

By default, the provider will now only recreate reusable keys, ignoring
invalid single-use keys. This can also be changed now using a new
`recreate_if_invalid` attribute.

Fixes #306

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this pull request Dec 11, 2023
This change partially reverts the behaviour introduced in #287 that
currently results in single-use keys being recreated, triggering
unnecessary updates to downstream Terraform resources.

By default, the provider will now only recreate reusable keys, ignoring
invalid single-use keys. This can also be changed now using a new
`recreate_if_invalid` attribute.

Fixes #306

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this pull request Dec 12, 2023
This change partially reverts the behaviour introduced in #287 that
currently results in single-use keys being recreated, triggering
unnecessary updates to downstream Terraform resources.

By default, the provider will now only recreate reusable keys, ignoring
invalid single-use keys. This can also be changed now using a new
`recreate_if_invalid` attribute.

Fixes #306

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this pull request Dec 12, 2023
This change partially reverts the behaviour introduced in #287 that
currently results in single-use keys being recreated, triggering
unnecessary updates to downstream Terraform resources.

By default, the provider will now only recreate reusable keys, ignoring
invalid single-use keys. This can also be changed now using a new
`recreate_if_invalid` attribute.

Fixes #306

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this pull request Dec 12, 2023
This change partially reverts the behaviour introduced in #287 that
currently results in single-use keys being recreated, triggering
unnecessary updates to downstream Terraform resources.

By default, the provider will now only recreate reusable keys, ignoring
invalid single-use keys. This can also be changed now using a new
`recreate_if_invalid` attribute.

Fixes #306

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

The tailscale_tailnet_key resource should handle expired keys
2 participants