feat: write-only attribute support #799

Open
matt-FFFFFF opened this issue Feb 28, 2025 · 3 comments
@matt-FFFFFF
Member

I am proposing a way to support write-only attributes in azapi_resource

Proposal

resource "azapi_resource" "write_only_mockup" {
  # ... other required attribs
  body = {
    properties = {
      myVal = "foo"
    }
  }
  body_write_only = {
    properties = {
      myWriteOnlyVal = "bar"
    }
  }
}

The provider would merge the write-only body with the body to create the PUT request.

So the resultant body would look like:

{
  "properties": {
    "myVal": "foo",
    "myWriteOnlyVal": "bar"
  }
}

Considerations

  • Would need to remove the write only values from the GET to ensure they were not persisted in state
  • Conflict resolution - if values specified in body & body_write_only

Thoughts?

@cwe1ss

cwe1ss commented Feb 28, 2025

Could this also work with the regular body and a separate write_only_refs = [ "properties.myWriteOnlyVal" ] field?

@matt-FFFFFF
Member Author

I think the provider schema needs to be fixed, at the attribute level. So not sure that would work... but it's more elegant if it does.

@ms-henglu ms-henglu added the enhancement New feature or request label Mar 3, 2025
@ms-henglu ms-henglu added this to the v2.4.0 milestone Mar 3, 2025
@ms-henglu
Member

Hi @matt-FFFFFF ,

Thank you for taking time to open this issue!

I agree with this design, and the restful provider, which was developed by my teammate, also supported the write-only attribute in a similar design: https://github.com/magodo/terraform-provider-restful/releases/tag/v0.19.0

> Would need to remove the write only values from the GET to ensure they were not persisted in state

I think this should not happen. According to the ARM guideline, the GET response should not return any credentials. If it happens, we should report it as a security bug.

> Conflict resolution - if values specified in body & body_write_only

It seems to be a user input error? We can validate and show users error messages.

> Could this also work with the regular body and a separate write_only_refs = [ "properties.myWriteOnlyVal" ] field?

I don't think so. Because azapi_resource exposes the body as a dynamic attribute, and the write-only attribute only applies to one attribute, it can't be applied to part of the attribute. But actually I also prefer this design; the user experience is much better and users don't need to pay attention to splitting the input into body and write-only-body.
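The merge proposed in this issue, together with the two considerations raised (conflict validation and keeping write-only values out of state), as an added example that is not part of the thread and is not azapi provider code. The names `obj`, `mergeWriteOnly` and `stripWriteOnly` are hypothetical, and treating any non-object key present in both inputs as a conflict is an assumption.

```go
package main

import "fmt"

type obj = map[string]any // hypothetical alias for a decoded JSON object
// mergeWriteOnly (hypothetical helper) deep-merges writeOnly into a copy of body
// to build the PUT payload; a non-object key set in both inputs is an error.
func mergeWriteOnly(body, writeOnly obj, path string) (obj, error) {
	out := obj{}
	for k, v := range body {
		out[k] = v
	}
	for k, wv := range writeOnly {
		bv, exists := out[k]
		bm, bok := bv.(obj)
		wm, wok := wv.(obj)
		switch {
		case !exists:
			out[k] = wv
		case bok && wok:
			merged, err := mergeWriteOnly(bm, wm, path+k+".")
			if err != nil {
				return nil, err
			}
			out[k] = merged
		default:
			return nil, fmt.Errorf("%s%s is set in both body and body_write_only", path, k)
		}
	}
	return out, nil
}

// stripWriteOnly (hypothetical) deletes leaves named in writeOnly from a GET response.
func stripWriteOnly(resp, writeOnly obj) {
	for k, wv := range writeOnly {
		rm, rok := resp[k].(obj)
		wm, wok := wv.(obj)
		if rok && wok {
			stripWriteOnly(rm, wm)
		} else {
			delete(resp, k)
		}
	}
}

func main() { // sample values are the ones from the issue's mockup
	put, err := mergeWriteOnly(obj{"properties": obj{"myVal": "foo"}}, obj{"properties": obj{"myWriteOnlyVal": "bar"}}, "")
	fmt.Println(put, err)
}
```

Calling `stripWriteOnly` on the decoded GET response before it is written to state covers the case where a service echoes a write-only value back.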
