This commit adds a new callback, DiffSuppressFunc, to the schema.Schema
structure. If set for a given schema, a callback to the user-supplied
function will be made for each attribute for which the default
type-based diff mechanism produces an attribute diff. Returning `true`
from the callback will suppress the diff (i.e. pretend there was no
diff), and returning false will retain it as part of the plan.
There are a number of motivating examples for this - one of which is
included as an example:
1. On SSH public keys, trailing whitespace does not matter in many
cases - and in some cases it is added by provider APIs. For
digitalocean_ssh_key resources we previously had a StateFunc that
trimmed the whitespace - we now have a DiffSuppressFunc which
verifies whether the trimmed strings are equivalent.
2. IAM policy equivalence for AWS. A good proportion of AWS issues
relate to IAM policies which have been "normalized" (used loosely)
by the IAM API endpoints. This can make the JSON strings differ
from those generated by iam_policy_document resources or template
files, even though the semantics are the same (for example,
reordering of `bucket-prefix/` and `bucket-prefix/*` in an S3
bucket policy. DiffSupressFunc can be used to test for semantic
equivalence rather than pure text equivalence, but without having to
deal with the complexity associated with a full "provider-land" diff
implementation without helper/schema.
```
make testacc TEST=./builtin/providers/digitalocean
TESTARGS='-run=TestAccDigitalOceanSSHKey_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/digitalocean -v -run=TestAccDigitalOceanSSHKey_ -timeout 120m
=== RUN TestAccDigitalOceanSSHKey_importBasic
--- PASS: TestAccDigitalOceanSSHKey_importBasic (2.13s)
=== RUN TestAccDigitalOceanSSHKey_Basic
--- PASS: TestAccDigitalOceanSSHKey_Basic (1.52s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/digitalocean
3.665s
```
This applies the same fix to `digitalocean_ssh_key` as #5588 applies to
droplets. Fixes#5402. The report there gives weight to my theory that
this occurs when there are transport issues.
The error string for 404s on DNS domains has (apparently)
changed, causing things to be a little sad when you modify
DNS domains from the DO console instead of terraform. This
is just the same fix as was applied to droplets around this
time last month.
While I was at it I just fixed this everywhere I saw it in the
DO provider source tree.
James Nugent