terraform-provider-vercel
terraform-provider-vercel copied to clipboard
chronark
Improve support for vercel_env type "encrypted"
While not documented by this repo, you can successfully create a vercel_env with type encrypted.
However, these resources will always have changes applied to them. It would be great if support for type = "encrypted" was improved, as Vercel is planning to deprecate secrets https://vercel.com/docs/rest-api#endpoints/secrets
Terraform Version
Terraform v1.0.11 on linux_amd64
- provider registry.terraform.io/chronark/vercel v0.14.2
Affected Resource(s)
- vercel_env
Terraform Configuration Files
resource "vercel_project" "test" {
name = "test"
git_repository {
type = "github"
repo = "marklawlor/test"
}
framework = "nextjs"
}
resource "vercel_env" "test" {
project_id = vercel_project.test.id
type = "encrypted"
key = "test"
value = random_password.test.result
target = ["production"]
}
resource "random_password" "test" {
length = 16
special = true
}
Expected Behavior
Should detect no changes when running terraform apply multiple times
Actual Behavior
~ resource "vercel_env" "test" {
id = "RiZ1UbFy3BbC6x3m"
~ key = "" -> "test"
~ target = [
+ "production",
]
~ type = "" -> "encrypted"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change.
~ value = (sensitive) -> (known after apply)
# (3 unchanged attributes hidden)
}
Hey @marklawlor Yes we should move towards the new method of creating variables where you don't have to specify whether they are encrypted or not. I just haven't found the time to do it yet but it's bugging me too :)
I can't get env to work
resource "vercel_env" "test" {
project_id = vercel_project.my_app.id
type = "encrypted"
key = "hello"
value = "world"
target = ["production", "preview", "development"]
}
results in
│ Error: Unable to request resource: [POST] /v6/projects/prj_rHBY7I2r7kDvDjkQu7w6XRXXXXXu/env with payload {}: Error during http request: map[error:map[code:NOT_FOUND]]
│
│ with vercel_env.test,
│ on main.tf line 62, in resource "vercel_env" "test":
│ 62: resource "vercel_env" "test" {
I initially thought this was caused by the v6 API being deprecated but I can't find any reference to that in Vercel's changelog.
I'm surprised to see you got it to work @marklawlor
I doubt something changed in 7 days but I still thought I'd share this in case anybody else encounters the same issue with vercel_env
@GuiSim I just successfully deployed a test project with this exact config
terraform {
required_version = ">= 1.0.11"
required_providers {
vercel = {
source = "registry.terraform.io/chronark/vercel"
version = "0.14.2"
}
}
}
provider "vercel" {
token = "<my-api-token>"
}
resource "vercel_project" "test" {
name = "test2"
git_repository {
type = "github"
repo = "<my-repo>"
}
framework = "nextjs"
}
resource "vercel_env" "test" {
project_id = vercel_project.test.id
type = "encrypted"
key = "test"
value = random_password.test.result
target = ["production"]
}
resource "random_password" "test" {
length = 16
special = true
}
Maybe because I've only tested this with newly created projects? Or maybe a difference in version numbers?
Actually, I think I may know the cause of your issue and possibly this needs to be logged as another issue.
There seems to be a couple of edge cases that fail during an vercel_env replacement/deletion. Basically the env has been removed from vercel but terraform thinks it still exists. I don't have exact details as I never looked into it, but a couple of times I've needed to manually remove the vercel_env from state & vercel.com so I can apply the plan again.
Thank you @marklawlor
I apologize for hijacking this issue as I thought my problem was related.
Turns out it was caused by a missing team_id on the vercel_env.
My suggestion would be to have the team_id settable directly on the provider config.
Now I need to figure out how to import vercel_env entries ;)
Thank you for the help!
Yeah I actually want to change the way you add by including the env specification inside the project resource. That way you don't have to provide team and project every time. I'll hopefully have a few hours on Sunday to flesh it out
Thanks Andreas! All good on my end, I got everything to work now 😃
I did encounter a bug where 'encrypted' would encrypt twice but that seems to have resolved itself.
On Fri, Nov 26, 2021 at 2:27 PM Andreas Thomas @.***> wrote:
Yeah I actually want to change the way you add by including the env specification inside the project resource. That way you don't have to provide team and project every time. I'll hopefully have a few hours on Sunday to flesh it out
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/chronark/terraform-provider-vercel/issues/53#issuecomment-980337840, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAPIMBTZ7CKAJAJJCGO4YZ3UN7NQPANCNFSM5IIFXE2A .
-- Guillaume S.