Revert "feature: add Ephemeral WriteOnly attributes support" (Googl…

…eCloudPlatform#13134)
SirGitsalot · Feb 20, 2025 · acf4174 · acf4174
1 parent 1640ac5
commit acf4174
Show file tree

Hide file tree

Showing 42 changed files with 73 additions and 951 deletions.
diff --git a/mmv1/api/resource.go b/mmv1/api/resource.go
@@ -561,13 +561,6 @@ func (r Resource) SensitiveProps() []*Type {
 	})
 }
 
-func (r Resource) WriteOnlyProps() []*Type {
-	props := r.AllNestedProperties(r.RootProperties())
-	return google.Select(props, func(p *Type) bool {
-		return p.WriteOnly
-	})
-}
-
 func (r Resource) SensitivePropsToString() string {
 	var props []string
 
@@ -578,16 +571,6 @@ func (r Resource) SensitivePropsToString() string {
 	return strings.Join(props, ", ")
 }
 
-func (r Resource) WriteOnlyPropsToString() string {
-	var props []string
-
-	for _, prop := range r.WriteOnlyProps() {
-		props = append(props, fmt.Sprintf("`%s`", prop.Lineage()))
-	}
-
-	return strings.Join(props, ", ")
-}
-
 // All settable properties in the resource.
 // Fingerprints aren't *really" settable properties, but they behave like one.
 // At Create, they have no value but they can just be read in anyways, and after a Read

diff --git a/mmv1/api/resource/custom_code.go b/mmv1/api/resource/custom_code.go
@@ -137,6 +137,4 @@ type CustomCode struct {
 	// resource was successfully deleted. Use this if the API responds
 	// with a success HTTP code for deleted resources
 	TestCheckDestroy string `yaml:"test_check_destroy"`
-
-	ValidateRawResourceConfigFuncs string `yaml:"raw_resource_config_validation"`
 }
diff --git a/mmv1/api/resource/docs.go b/mmv1/api/resource/docs.go
@@ -32,7 +32,5 @@ type Docs struct {
 
 	OptionalProperties string `yaml:"optional_properties"`
 
-	WriteOnlyProperties string `yaml:"write_only_properties"`
-
 	Attributes string
 }
diff --git a/mmv1/api/type.go b/mmv1/api/type.go
@@ -171,8 +171,6 @@ type Type struct {
 
 	Sensitive bool `yaml:"sensitive,omitempty"` // Adds `Sensitive: true` to the schema
 
-	WriteOnly bool `yaml:"write_only,omitempty"` // Adds `WriteOnly: true` to the schema
-
 	// Does not set this value to the returned API value.  Useful for fields
 	// like secrets where the returned API value is not helpful.
 	IgnoreRead bool `yaml:"ignore_read,omitempty"`
@@ -363,14 +361,6 @@ func (t *Type) Validate(rName string) {
 		log.Fatalf("'default_value' and 'default_from_api' cannot be both set in resource %s", rName)
 	}
 
-	if t.WriteOnly && (t.DefaultFromApi || t.Output) {
-		log.Fatalf("Property %s cannot be write_only and default_from_api or output at the same time in resource %s", t.Name, rName)
-	}
-
-	if t.WriteOnly && t.Sensitive {
-		log.Fatalf("Property %s cannot be write_only and sensitive at the same time in resource %s", t.Name, rName)
-	}
-
 	t.validateLabelsField()
 
 	switch {
@@ -692,30 +682,6 @@ func (t Type) NestedProperties() []*Type {
 	return props
 }
 
-// Returns write-only properties for this property.
-func (t Type) WriteOnlyProperties() []*Type {
-	props := make([]*Type, 0)
-
-	switch {
-	case t.IsA("Array"):
-		if t.ItemType.IsA("NestedObject") {
-			props = google.Reject(t.ItemType.WriteOnlyProperties(), func(p *Type) bool {
-				return t.Exclude
-			})
-		}
-	case t.IsA("NestedObject"):
-		props = google.Select(t.UserProperties(), func(p *Type) bool {
-			return p.WriteOnly
-		})
-	case t.IsA("Map"):
-		props = google.Reject(t.ValueType.WriteOnlyProperties(), func(p *Type) bool {
-			return t.Exclude
-		})
-	default:
-	}
-	return props
-}
-
 func (t Type) Removed() bool {
 	return t.RemovedMessage != ""
 }
@@ -1124,7 +1090,7 @@ func (t *Type) IsForceNew() bool {
 	}
 
 	parent := t.Parent()
-	return !t.WriteOnly && (!t.Output || t.IsA("KeyValueEffectiveLabels")) &&
+	return (!t.Output || t.IsA("KeyValueEffectiveLabels")) &&
 		(t.Immutable ||
 			(t.ResourceMetadata.Immutable && t.UpdateUrl == "" &&
 				(parent == nil ||

diff --git a/mmv1/products/bigquerydatatransfer/Config.yaml b/mmv1/products/bigquerydatatransfer/Config.yaml
@@ -41,7 +41,6 @@ custom_code:
   post_create: 'templates/terraform/post_create/set_computed_name.tmpl'
   pre_update: 'templates/terraform/pre_update/bigquerydatatransfer_config.tmpl'
   custom_import: 'templates/terraform/custom_import/bigquery_data_transfer_self_link_as_name_set_location.go.tmpl'
-  raw_resource_config_validation: 'templates/terraform/validation/bigquery_data_transfer_config.go.tmpl'
 custom_diff:
   - 'sensitiveParamCustomizeDiff'
   - 'paramsCustomizeDiff'
@@ -211,12 +210,6 @@ properties:
       **NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources).
     required: true
     custom_flatten: 'templates/terraform/custom_flatten/json_to_string_map.go.tmpl'
-
-  - name: 'sensitiveParamsWoVersion'
-    type: Integer
-    immutable: true
-    description: |
-      The version of the sensitive params - used to trigger updates of the write-only params
   - name: 'sensitiveParams'
     type: NestedObject
     description: |
@@ -233,19 +226,6 @@ properties:
         type: String
         description: |
           The Secret Access Key of the AWS account transferring data from.
+
+        required: true
         sensitive: true
-        at_least_one_of:
-          - 'sensitive_params.0.secretAccessKey'
-          - 'sensitive_params.0.secretAccessKeyWo'
-        conflicts:
-          - 'sensitive_params.0.secretAccessKeyWo'
-      - name: 'secretAccessKeyWo' # Wo is convention for write-only properties
-        type: String
-        description: |
-          The Secret Access Key of the AWS account transferring data from.
-        write_only: true
-        at_least_one_of:
-          - 'sensitive_params.0.secretAccessKeyWo'
-          - 'sensitive_params.0.secretAccessKey'
-        conflicts:
-          - 'sensitive_params.0.secretAccessKey'
diff --git a/mmv1/products/compute/Disk.yaml b/mmv1/products/compute/Disk.yaml
@@ -37,6 +37,7 @@ references:
 docs:
 base_url: 'projects/{{project}}/zones/{{zone}}/disks'
 has_self_link: true
+immutable: true
 timeouts:
   insert_minutes: 20
   update_minutes: 20
@@ -62,7 +63,6 @@ custom_code:
   update_encoder: 'templates/terraform/update_encoder/hyper_disk.go.tmpl'
   decoder: 'templates/terraform/decoders/disk.tmpl'
   pre_delete: 'templates/terraform/pre_delete/detach_disk.tmpl'
-  raw_resource_config_validation: 'templates/terraform/validation/compute_disk.go.tmpl'
 custom_diff:
   - 'customdiff.ForceNewIfChange("size", IsDiskShrinkage)'
   - 'hyperDiskIopsUpdateDiffSuppress'
@@ -72,11 +72,6 @@ examples:
     primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])'
     vars:
       disk_name: 'test-disk'
-  - name: 'disk_basic_wo'
-    primary_resource_id: 'default'
-    primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])'
-    vars:
-      disk_name: 'test-disk'
   - name: 'disk_async'
     primary_resource_id: 'primary'
     primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])'
@@ -173,62 +168,21 @@ properties:
       If you do not provide an encryption key when creating the disk, then
       the disk will be encrypted using an automatically generated key and
       you do not need to provide a key to use the disk later.
+    immutable: true
     properties:
       - name: 'rawKey'
         type: String
         description: |
           Specifies a 256-bit customer-supplied encryption key, encoded in
           RFC 4648 base64 to either encrypt or decrypt this resource.
         sensitive: true
-        immutable: true
-        custom_flatten: 'templates/terraform/custom_flatten/compute_key_flatten.go.tmpl'
-        conflicts:
-          - 'disk_encryption_key.0.rawKeyWo'
-      - name: 'rawKeyWoVersion'
-        type: Integer
-        description: |
-          Triggers update of write-only rawKey
-        immutable: true
-        default_value: 0
-        ignore_read: true
-      - name: 'rawKeyWo'
-        type: String
-        description: |
-          Specifies a 256-bit customer-supplied encryption key, encoded in
-          RFC 4648 base64 to either encrypt or decrypt this resource.
-        write_only: true
-        required_with:
-          - 'disk_encryption_key.0.rawKeyWoVersion'
-        conflicts:
-          - 'disk_encryption_key.0.rawKey'
-      - name: 'rsaEncryptedKeyWoVersion'
-        type: Integer
-        description: |
-          Triggers update of write-only rsaEncryptedKey
-        immutable: true
-        default_value: 0
-        ignore_read: true
       - name: 'rsaEncryptedKey'
         type: String
-        immutable: true
-        custom_flatten: 'templates/terraform/custom_flatten/compute_rsa_key_flatten.go.tmpl'
         description: |
           Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
           customer-supplied encryption key to either encrypt or decrypt
           this resource. You can provide either the rawKey or the rsaEncryptedKey.
         sensitive: true
-        conflicts:
-          - 'disk_encryption_key.0.rsaEncryptedKeyWo'
-      - name: 'rsaEncryptedKeyWo'
-        type: String
-        description: |
-          Specifies a 256-bit customer-supplied encryption key, encoded in
-          RFC 4648 base64 to either encrypt or decrypt this resource.
-        write_only: true
-        required_with:
-          - 'disk_encryption_key.0.rsaEncryptedKeyWoVersion'
-        conflicts:
-          - 'disk_encryption_key.0.rsaEncryptedKey'
       - name: 'sha256'
         type: String
         description: |
@@ -237,7 +191,6 @@ properties:
         output: true
       - name: 'kmsKeySelfLink'
         type: String
-        immutable: true
         description: |
           The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
           in the cloud console. Your project's Compute Engine System service account
@@ -248,7 +201,6 @@ properties:
         diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths'
       - name: 'kmsKeyServiceAccount'
         type: String
-        immutable: true
         description: |
           The service account used for the encryption request for the given KMS key.
           If absent, the Compute Engine Service Agent service account is used.

diff --git a/mmv1/products/compute/RegionDisk.yaml b/mmv1/products/compute/RegionDisk.yaml
@@ -61,7 +61,6 @@ custom_code:
   encoder: 'templates/terraform/encoders/disk.tmpl'
   decoder: 'templates/terraform/decoders/disk.tmpl'
   pre_delete: 'templates/terraform/pre_delete/detach_disk.tmpl'
-  raw_resource_config_validation: 'templates/terraform/validation/compute_region_disk.go.tmpl'
 custom_diff:
   - 'customdiff.ForceNewIfChange("size", IsDiskShrinkage)'
   - 'hyperDiskIopsUpdateDiffSuppress'
@@ -73,13 +72,6 @@ examples:
       region_disk_name: 'my-region-disk'
       disk_name: 'my-disk'
       snapshot_name: 'my-snapshot'
-  - name: 'region_disk_disk_encryption_key_wo'
-    primary_resource_id: 'regiondisk'
-    primary_resource_name: 'fmt.Sprintf("tf-test-my-region-disk%s", context["random_suffix"])'
-    vars:
-      region_disk_name: 'my-region-disk'
-      disk_name: 'my-disk'
-      snapshot_name: 'my-snapshot'
   - name: 'region_disk_async'
     primary_resource_id: 'primary'
     primary_resource_name: 'fmt.Sprintf("tf-test-my-region-disk%s", context["random_suffix"])'
@@ -132,34 +124,14 @@ properties:
       If you do not provide an encryption key when creating the disk, then
       the disk will be encrypted using an automatically generated key and
       you do not need to provide a key to use the disk later.
+    immutable: true
     properties:
       - name: 'rawKey'
         type: String
         description: |
           Specifies a 256-bit customer-supplied encryption key, encoded in
           RFC 4648 base64 to either encrypt or decrypt this resource.
         sensitive: true
-        immutable: true
-        custom_flatten: 'templates/terraform/custom_flatten/compute_key_flatten.go.tmpl'
-        conflicts:
-          - 'disk_encryption_key.0.rawKeyWo'
-      - name: 'rawKeyWo'
-        type: String
-        description: |
-          Specifies a 256-bit customer-supplied encryption key, encoded in
-          RFC 4648 base64 to either encrypt or decrypt this resource.
-        write_only: true
-        required_with:
-          - 'disk_encryption_key.0.rawKeyWoVersion'
-        conflicts:
-          - 'disk_encryption_key.0.rawKey'
-      - name: 'rawKeyWoVersion'
-        type: Integer
-        description: |
-          Triggers update of write-only rawKey
-        ignore_read: true
-        default_value: 0
-        immutable: true
       - name: 'sha256'
         type: String
         description: |
@@ -169,7 +141,6 @@ properties:
         # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules
       - name: 'kmsKeyName'
         type: String
-        immutable: true
         description: |
           The name of the encryption key that is stored in Google Cloud KMS.
   - name: 'sourceSnapshotEncryptionKey'

diff --git a/mmv1/products/secretmanager/SecretVersion.yaml b/mmv1/products/secretmanager/SecretVersion.yaml
@@ -41,7 +41,6 @@ custom_code:
   custom_update: 'templates/terraform/custom_update/secret_version.go.tmpl'
   pre_delete: 'templates/terraform/pre_delete/secret_version_deletion_policy.go.tmpl'
   custom_import: 'templates/terraform/custom_import/secret_version.go.tmpl'
-  raw_resource_config_validation: 'templates/terraform/validation/secret_version.go.tmpl'
 # Sweeper skipped as this resource has customized deletion.
 exclude_sweeper: true
 examples:
@@ -50,11 +49,6 @@ examples:
     vars:
       secret_id: 'secret-version'
       data: 'secret-data'
-  - name: 'secret_version_basic_write_only'
-    primary_resource_id: 'secret-version-basic-write-only'
-    vars:
-      secret_id: 'secret-version-write-only'
-      data: 'secret-data-write-only'
   - name: 'secret_version_deletion_policy_abandon'
     primary_resource_id: 'secret-version-deletion-policy'
     vars:
@@ -78,15 +72,6 @@ examples:
       'data': '"./test-fixtures/binary-file.pfx"'
     ignore_read_extra:
       - 'is_secret_data_base64'
-  - name: 'secret_version_with_base64_string_secret_data_write_only'
-    primary_resource_id: 'secret-version-base64-write-only'
-    vars:
-      secret_id: 'secret-version-base64-write-only'
-      data: 'secret-data-base64-write-only.pfx'
-    test_vars_overrides:
-      'data': '"./test-fixtures/binary-file.pfx"'
-    ignore_read_extra:
-      - 'is_secret_data_base64'
 virtual_fields:
   - name: 'deletion_policy'
     description: |
@@ -145,29 +130,13 @@ properties:
     description: The secret payload of the SecretVersion.
     required: true
     custom_flatten: 'templates/terraform/custom_flatten/secret_version_access.go.tmpl'
-    custom_expand: 'templates/terraform/custom_expand/secret_version_access.go.tmpl'
     flatten_object: true
     properties:
-      - name: 'secretData'
+      - name: 'secret_data'
         type: String
         description: The secret data. Must be no larger than 64KiB.
         api_name: data
-        conflicts:
-          - 'secretDataWo'
+        required: true
         immutable: true
         sensitive: true
-      - name: 'secretDataWo'
-        type: String
-        description: The secret data. Must be no larger than 64KiB.
-        api_name: data
-        required_with:
-          - 'SecretDataWoVersion'
-        conflicts:
-          - 'payload.0.secretData'
-        write_only: true
-      - name: 'SecretDataWoVersion'
-        type: Integer
-        default_value: 0
-        ignore_read: true
-        description: Triggers update of secret data write-only
-        immutable: true
+        custom_expand: 'templates/terraform/custom_expand/secret_version_secret_data.go.tmpl'