
Imported MongoDB digitalocean_database_user password not exported

Open rhpereda opened this issue 2 years ago • 2 comments

Hi, I'm using version 2.19.0 and it seems that this issue is back: https://github.com/digitalocean/terraform-provider-digitalocean/pull/697 when importing an already existing user. So far I'm unable to get the password value. Maybe it has something to do with this fix: https://github.com/digitalocean/terraform-provider-digitalocean/issues/812.

The resource creation:

resource "digitalocean_database_user" "database_user" {
  count      = var.deployment_environment == "production" ? 1 : 0
  cluster_id = digitalocean_database_cluster.mongodb-production[0].id
  name       = "user-${var.project_name}"
}

Snippet of tf state

{
   "mode": "managed",
   "type": "digitalocean_database_user",
   "name": "database_user",
   "provider": "provider[\"registry.terraform.io/digitalocean/digitalocean\"]",
   "instances": [
     {
       "index_key": 0,
       "schema_version": 0,
       "attributes": {
         "cluster_id": "ae22bd23-d7ac-4b6f-a7d3-826a705e469a",
         "id": "ae22bd23-d7ac-4b6f-a7d3-826a705e469a/user/user-xxx",
         "mysql_auth_plugin": null,
         "name": "user-xxx",
         "password": null,
         "role": "normal"
       },
       "sensitive_attributes": [],
       "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==",
       "dependencies": [
         "digitalocean_database_cluster.mongodb-production"
       ]
     }
   ]
 }

Thanks in advance...

rhpereda avatar Apr 13 '22 17:04 rhpereda

Hi there,

Thank you for this write-up. The PRs and GitHub issues you included were specific to creating new users. We don't currently support importing already existing users, only creating new ones. We will have to look into documenting this somewhere. Apologies for the inconvenience.

danaelhe avatar Apr 15 '22 01:04 danaelhe

To add a bit more context here, MongoDB user passwords are only ever shown when the user is created. In the control panel the password is not available on subsequent views nor is it available in GET responses in the API. It is only ever returned in the POST response creating the user or resetting the password. So the Terraform provider is not currently able to support importing MongoDB users with their password. We could potentially reset the password on import, but that would likely be very surprising and could lead to breakage. Perhaps we can add a way to explicitly opt-in to that behavior.

andrewsomething avatar Apr 25 '22 17:04 andrewsomething
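An added example, not part of the thread and not the provider's own code: a small audit that reads a raw Terraform state document (the format shown in the issue, as produced by `terraform state pull`) and lists every `digitalocean_database_user` instance whose `password` is null, so that imported users are found before anything downstream consumes the empty value. The function name and the sample state are constructed for illustration.

```python
import json

# Constructed sample modelled on the state snippet in the issue; every value
# here is a placeholder, not data from a real cluster.
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "digitalocean_database_user", "name": "database_user",
     "instances": [{"index_key": 0, "attributes": {
         "name": "user-imported", "password": None, "role": "normal"}}]},
    {"mode": "managed", "type": "digitalocean_database_user", "name": "created_user",
     "instances": [{"attributes": {
         "name": "user-created", "password": "constructed-not-a-secret", "role": "normal"}}]},
    {"mode": "managed", "type": "digitalocean_database_cluster", "name": "mongodb-production",
     "instances": [{"index_key": 0, "attributes": {"engine": "mongodb"}}]},
]})


def users_without_password(state_text):
    """Return resource addresses of database users with a null or empty password.

    Only addresses are returned; password values are never read out or printed.
    """
    state = json.loads(state_text)
    missing = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "digitalocean_database_user":
            continue
        # Resources inside a module carry a "module" key such as "module.db".
        prefix = f'{res["module"]}.' if res.get("module") else ""
        for inst in res.get("instances", []):
            address = f'{prefix}{res["type"]}.{res["name"]}'
            key = inst.get("index_key")  # set for count / for_each instances
            if key is not None:
                address += f"[{json.dumps(key)}]"
            if not (inst.get("attributes") or {}).get("password"):
                missing.append(address)
    return missing


if __name__ == "__main__":
    for addr in users_without_password(SAMPLE_STATE):
        print(f"{addr}: no password in state (imported user?)")
```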