Marks fields sensitive and use ForceNew (#106)

Hide sensitive fields
Use Force New to allow users to replace a resource rather than erroring
Add instance_name and token as readable values to match data source
behaviour

Author: mitch-hamm

cloud/data_source_apikey.go

@@ -18,14 +18,15 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"strings"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/lestrrat-go/jwx/v2/jwa"
 	"github.com/lestrrat-go/jwx/v2/jwe"
 	"github.com/streamnative/terraform-provider-streamnative/cloud/util"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"strings"
 )
 
 func dataSourceApiKey() *schema.Resource {
@@ -60,6 +61,7 @@ func dataSourceApiKey() *schema.Resource {
 			"private_key": {
 				Type:        schema.TypeString,
 				Optional:    true,
+				Sensitive:   true,
 				Description: descriptions["private_key"],
 			},
 			"instance_name": {
@@ -80,6 +82,7 @@ func dataSourceApiKey() *schema.Resource {
 			"token": {
 				Type:        schema.TypeString,
 				Computed:    true,
+				Sensitive:   true,
 				Description: descriptions["token"],
 			},
 			"ready": {

cloud/data_source_pulsar_cluster.go

@@ -268,6 +268,7 @@ func dataSourcePulsarCluster() *schema.Resource {
 func dataSourcePulsarClusterRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	namespace := d.Get("organization").(string)
 	name := d.Get("name").(string)
+	instanceName := d.Get("instance_name").(string)
 	clientSet, err := getClientSet(getFactoryFromMeta(meta))
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("ERROR_INIT_CLIENT_ON_READ_PULSAR_CLUSTER: %w", err))
@@ -366,6 +367,10 @@ func dataSourcePulsarClusterRead(ctx context.Context, d *schema.ResourceData, me
 	if releaseChannel != "" {
 		_ = d.Set("release_channel", releaseChannel)
 	}
+
+	if instanceName != "" {
+		_ = d.Set("instance_name", instanceName)
+	}
 	d.SetId(fmt.Sprintf("%s/%s", pulsarCluster.Namespace, pulsarCluster.Name))
 	return nil
 }

cloud/resource_apikey.go

@@ -45,15 +45,6 @@ func resourceApiKey() *schema.Resource {
 				// This is create event, so we don't need to check the diff.
 				return nil
 			}
-			if diff.HasChange("name") ||
-				diff.HasChange("organization") ||
-				diff.HasChange("instance_name") ||
-				diff.HasChange("service_account_name") ||
-				diff.HasChange("expiration_time") {
-				return fmt.Errorf("ERROR_UPDATE_API_KEY: " +
-					"The api key does not support updates organization, " +
-					"name, instance_name, service_account_name and expiration_time, please recreate it")
-			}
 			return nil
 		},
 		Importer: &schema.ResourceImporter{
@@ -76,28 +67,39 @@ func resourceApiKey() *schema.Resource {
 			"organization": {
 				Type:         schema.TypeString,
 				Required:     true,
+				ForceNew:     true,
 				Description:  descriptions["organization"],
 				ValidateFunc: validateNotBlank,
 			},
 			"name": {
 				Type:         schema.TypeString,
 				Required:     true,
+				ForceNew:     true,
 				Description:  descriptions["apikey_name"],
 				ValidateFunc: validateNotBlank,
 			},
 			"instance_name": {
 				Type:        schema.TypeString,
 				Required:    true,
+				ForceNew:    true,
 				Description: descriptions["instance_name"],
 			},
+			"token": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Sensitive:   true,
+				Description: descriptions["token"],
+			},
 			"service_account_name": {
 				Type:        schema.TypeString,
 				Required:    true,
+				ForceNew:    true,
 				Description: descriptions["service_account_name"],
 			},
 			"expiration_time": {
 				Type:        schema.TypeString,
 				Optional:    true,
+				ForceNew:    true,
 				Description: descriptions["expiration_time"],
 			},
 			"revoke": {
@@ -128,6 +130,7 @@ func resourceApiKey() *schema.Resource {
 			"private_key": {
 				Type:        schema.TypeString,
 				Computed:    true,
+				Sensitive:   true,
 				Description: descriptions["private_key"],
 			},
 			"key_id": {