Add Azure example #36636

Open: wants to merge 2 commits into base: main

rkoron007
Contributor

Add Azure examples to write-only arguments!

@rkoron007 added the 1.11-backport and no-changelog-needed labels Mar 4, 2025
@rkoron007 self-assigned this Mar 4, 2025
@rkoron007 requested review from a team as code owners March 4, 2025 22:51
Contributor

@trujillo-adam left a comment

A few minor suggestions -- approving so you're not blocked.

@@ -78,7 +78,7 @@ resource "aws_db_instance" "example" {

During a Terraform operation, the provider uses the `password_wo` value to create the database instance, and then Terraform discards that value without storing it in the plan or state file.

Note that the way this is written, the `password_wo` value is lost after Terraform generates unless we capture it in another resource or output. For example of generating, storing, retrieving, and using an ephemeral password as a write-only argument, refer to the [expanded example below](#example).
Note that the way this is written, the `password_wo` value is lost after Terraform generates unless we capture it in another resource or output. For example of generating, storing, retrieving, and using an ephemeral password as a write-only argument, refer to the [expanded example below](#examples).
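
Review bot: The changed sentence still reads "is lost after Terraform generates" with no object and "For example of generating" with no article; suggest "after Terraform generates it" and "For an example of generating". The link target changes from `#example` to `#examples`, so confirm the page has a heading that renders to that anchor, since the heading is not part of this hunk.
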
Contributor

Suggested change
Note that the way this is written, the `password_wo` value is lost after Terraform generates unless we capture it in another resource or output. For example of generating, storing, retrieving, and using an ephemeral password as a write-only argument, refer to the [expanded example below](#examples).
Note that Terraform does not store the generated value for `password_wo`, but you can capture it in another resource or output. For an example of generating, storing, retrieving, and using an ephemeral password as a write-only argument, refer to [Examples](#examples).

Replace "the way this is written" with more concrete language.

@@ -167,4 +171,30 @@ In the above example, the ephemeral resource `aws_secretsmanager_secret_version`

Terraform first creates the secret in AWS Secrets Manager using the ephemeral `random_password`, then retrieve it using the ephemeral `aws_secretsmanager_secret_version` resource, and finally write the password to the write-only `password_wo` argument of the `aws_db_instance` resource.

### Create a MySQL database in Azure

Another example of a using a write-only argument is to create a MySQL database in Azure. In this example, Terraform generates an password using an `ephemeral` resource and passes it to the `administrator_password_wo` write-only argument of the `azurerm_mysql_flexible_server` resource:
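
Review bot: The new paragraph under "Create a MySQL database in Azure" does not say where the generated password is kept after it is passed to `administrator_password_wo`. Earlier on this page the text notes that a write-only value is lost unless it is captured in another resource or output, and the AWS example stores the password in Secrets Manager before using it; if the Azure example that follows does not store the password, either add that step or state that the administrator password cannot be recovered from Terraform afterwards. Also fix "of a using" to "of using" and "an password" to "a password", and in the context line above, "then retrieve it" and "finally write" should read "retrieves" and "writes".
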
Contributor

Suggested change
Another example of a using a write-only argument is to create a MySQL database in Azure. In this example, Terraform generates an password using an `ephemeral` resource and passes it to the `administrator_password_wo` write-only argument of the `azurerm_mysql_flexible_server` resource:
You can use a write-only argument to create a MySQL database in Azure. In the following example, Terraform generates an password using an `ephemeral` resource and passes it to the `administrator_password_wo` write-only argument of the `azurerm_mysql_flexible_server` resource:

If someone just scanned and started reading this example, "Another example . . . " would be jarring. We should avoid assuming that someone is reading the page linearly.
