Prevent permanent diff on argocd_repository with inherited credentials (#296)

onematchfox · web-flow · commit 2bdbf5cec879 · 2023-06-09T07:33:03.000+02:00
* fix: prevent permanent diff on repository with inherited credentials

* build: bump test versions to latest patch(es)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -48,7 +48,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        argocd_version: ["v2.5.0", "v2.5.17", "v2.6.0", "v2.6.8", "v2.7.3"]
+        argocd_version: ["v2.5.18", "v2.6.9", "v2.7.4"]
     steps:
       - name: Check out code
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
diff --git a/argocd/structure_repository.go b/argocd/structure_repository.go
@@ -96,23 +96,30 @@ func flattenRepository(repository *application.Repository, d *schema.ResourceDat
 		"insecure":                repository.Insecure,
 		"name":                    repository.Name,
 		"project":                 repository.Project,
-		// TODO: in case of repositoryCredentials existence, will perma-diff
-		//"username":                		repository.Username,
-		// TODO: ArgoCD API does not return sensitive data!
-		//"password":                		repository.Password,
-		//"ssh_private_key":         		repository.SSHPrivateKey,
-		//"tls_client_cert_key":     		repository.TLSClientCertKey,
-		"tls_client_cert_data":          repository.TLSClientCertData,
-		"type":                          repository.Type,
-		"githubapp_enterprise_base_url": repository.GitHubAppEnterpriseBaseURL,
-	}
+		"type":                    repository.Type,
 
-	if repository.GithubAppId > 0 {
-		r["githubapp_id"] = convertInt64ToString(repository.GithubAppId)
+		// ArgoCD API does not return sensitive data so we can't track the state of these attributes.
+		// "password":              repository.Password,
+		// "ssh_private_key":       repository.SSHPrivateKey,
+		// "tls_client_cert_key":   repository.TLSClientCertKey,
+		// "githubapp_private_key": repository.GithubAppPrivateKey,
 	}
 
-	if repository.GithubAppInstallationId > 0 {
-		r["githubapp_installation_id"] = convertInt64ToString(repository.GithubAppInstallationId)
+	if !repository.InheritedCreds {
+		// To prevent perma-diff in case of existence of repository credentials
+		// existence, we only track the state of these values when the
+		// repository is not inheriting credentials
+		r["githubapp_enterprise_base_url"] = repository.GitHubAppEnterpriseBaseURL
+		r["tls_client_cert_data"] = repository.TLSClientCertData
+		r["username"] = repository.Username
+
+		if repository.GithubAppId > 0 {
+			r["githubapp_id"] = convertInt64ToString(repository.GithubAppId)
+		}
+
+		if repository.GithubAppInstallationId > 0 {
+			r["githubapp_installation_id"] = convertInt64ToString(repository.GithubAppInstallationId)
+		}
 	}
 
 	for k, v := range r {
