initial version of fix

Author: ilia-medvedev-codefresh

codefresh/cfclient/context.go

@@ -31,8 +31,13 @@ func (context *Context) GetID() string {
 	return context.Metadata.Name
 }
 
-func (client *Client) GetContext(name string) (*Context, error) {
-	fullPath := fmt.Sprintf("/contexts/%s?decrypt=true", url.PathEscape(name))
+func (client *Client) GetContext(name string, decrypt bool) (*Context, error) {
+	fullPath := fmt.Sprintf("/contexts/%s", url.PathEscape(name))
+
+	if decrypt {
+		fullPath += "?decrypt=true"
+	}
+
 	opts := RequestOptions{
 		Path:   fullPath,
 		Method: "GET",

codefresh/data_context.go

@@ -36,7 +36,7 @@ func dataSourceContextRead(d *schema.ResourceData, meta interface{}) error {
 	var err error
 
 	if name, nameOk := d.GetOk("name"); nameOk {
-		context, err = client.GetContext(name.(string))
+		context, err = client.GetContext(name.(string), true)
 	} else {
 		return fmt.Errorf("data.codefresh_context - must specify name")
 	}

codefresh/resource_context.go

@@ -28,6 +28,11 @@ var supportedContextType = []string{
 	contextSecretYaml,
 }
 
+var encryptedContextTypes = []string{
+	contextSecret,
+	contextSecretYaml,
+}
+
 func getConflictingContexts(context string) []string {
 	var conflictingTypes []string
 	normalizedContext := schemautil.MustNormalizeFieldName(context)
@@ -57,6 +62,12 @@ func resourceContext() *schema.Resource {
 				Required:    true,
 				ForceNew:    true,
 			},
+			"decrypt_spec": {
+				Type:        schema.TypeBool,
+				Default:     true,
+				Optional:    true,
+				Description: "Whether to allow decryption of context spec for encrypted contexts on read. If set to false context content diff will not be calculated against the API. Must be set to false if `forbidDecrypt` feature flag on Codefresh platfrom is enabled",
+			},
 			"spec": {
 				Description: "The context's specs.",
 				Type:        schema.TypeList,
@@ -174,12 +185,18 @@ func resourceContextRead(d *schema.ResourceData, meta interface{}) error {
 
 	contextName := d.Id()
 
+	currentContextType := getContextTypeFromResource(d)
+
+	// Explicitly set decypt flag to true only if context type is encrypted and decrypt_spec is set to true
+	setExplicitDecrypt := contains(encryptedContextTypes, currentContextType) && d.Get("decrypt_spec").(bool)
+
 	if contextName == "" {
 		d.SetId("")
 		return nil
 	}
 
-	context, err := client.GetContext(contextName)
+	context, err := client.GetContext(contextName, setExplicitDecrypt)
+
 	if err != nil {
 		log.Printf("[DEBUG] Error while getting context. Error = %v", contextName)
 		return err
@@ -225,14 +242,22 @@ func resourceContextDelete(d *schema.ResourceData, meta interface{}) error {
 func mapContextToResource(context cfclient.Context, d *schema.ResourceData) error {
 
 	err := d.Set("name", context.Metadata.Name)
+
 	if err != nil {
 		return err
 	}
 
-	err = d.Set("spec", flattenContextSpec(context.Spec))
-	if err != nil {
-		log.Printf("[DEBUG] Failed to flatten Context spec = %v", context.Spec)
-		return err
+	currentContextType := getContextTypeFromResource(d)
+
+	// Read spec from API if context is not encrypted or decrypt_spec is set to true explicitly
+	if d.Get("decrypt_spec").(bool) || !contains(encryptedContextTypes, currentContextType) {
+
+		err = d.Set("spec", flattenContextSpec(context.Spec))
+
+		if err != nil {
+			log.Printf("[DEBUG] Failed to flatten Context spec = %v", context.Spec)
+			return err
+		}
 	}
 
 	return nil
@@ -253,7 +278,6 @@ func flattenContextSpec(spec cfclient.ContextSpec) []interface{} {
 	case contextAzureStorage:
 		m[schemautil.MustNormalizeFieldName(currentContextType)] = storageContext.FlattenAzureStorageContextConfig(spec)
 	default:
-		log.Printf("[DEBUG] Invalid context type = %v", currentContextType)
 		return nil
 	}
 
@@ -319,3 +343,23 @@ func mapResourceToContext(d *schema.ResourceData) *cfclient.Context {
 		},
 	}
 }
+
+func getContextTypeFromResource(d *schema.ResourceData) string {
+	if _, ok := d.GetOk("spec.0." + schemautil.MustNormalizeFieldName(contextConfig) + ".0.data"); ok {
+		return contextConfig
+	} else if _, ok := d.GetOk("spec.0." + schemautil.MustNormalizeFieldName(contextSecret) + ".0.data"); ok {
+		return contextSecret
+	} else if _, ok := d.GetOk("spec.0." + schemautil.MustNormalizeFieldName(contextYaml) + ".0.data"); ok {
+		return contextYaml
+	} else if _, ok := d.GetOk("spec.0." + schemautil.MustNormalizeFieldName(contextSecretYaml) + ".0.data"); ok {
+		return contextSecretYaml
+	} else if _, ok := d.GetOk("spec.0." + schemautil.MustNormalizeFieldName(contextGoogleStorage) + ".0.data"); ok {
+		return contextGoogleStorage
+	} else if _, ok := d.GetOk("spec.0." + schemautil.MustNormalizeFieldName(contextS3Storage) + ".0.data"); ok {
+		return contextS3Storage
+	} else if _, ok := d.GetOk("spec.0." + schemautil.MustNormalizeFieldName(contextAzureStorage) + ".0.data"); ok {
+		return contextAzureStorage
+	}
+
+	return ""
+}

codefresh/resource_context_test.go

@@ -159,7 +159,7 @@ func testAccCheckCodefreshContextExists(resource string) resource.TestCheckFunc
 		contextID := rs.Primary.ID
 
 		apiClient := testAccProvider.Meta().(*cfclient.Client)
-		_, err := apiClient.GetContext(contextID)
+		_, err := apiClient.GetContext(contextID, true)
 
 		if err != nil {
 			return fmt.Errorf("error fetching context with ID %s. %s", contextID, err)
@@ -177,7 +177,7 @@ func testAccCheckCodefreshContextDestroy(s *terraform.State) error {
 			continue
 		}
 
-		_, err := apiClient.GetContext(rs.Primary.ID)
+		_, err := apiClient.GetContext(rs.Primary.ID, true)
 
 		if err == nil {
 			return fmt.Errorf("Alert still exists")
@@ -204,7 +204,7 @@ resource "codefresh_context" "test" {
 
   spec {
 	config {
-		data = { 
+		data = {
 			%q = %q
 			%q = %q
 		}
@@ -223,7 +223,7 @@ resource "codefresh_context" "test" {
 
   spec {
 	secret {
-		data = { 
+		data = {
 			%q = %q
 			%q = %q
 		}