From a0faf72bd6c5b7f7cfaaed7d25299a30c8dd4696 Mon Sep 17 00:00:00 2001
From: Baaji Shayeed Shaik
Date: Thu, 15 Feb 2024 03:40:26 -0600
Subject: [PATCH] fix: prevent assigning incorrect resource ID for sensitive variables that share same name, type and at least one matching scope. Problem: When multiple sensitive variables with same name, type, description and different scope are created, if one of their scoping matches then the id of incorrect variable is being used to set the Resource ID. Solving this by making sure all the scopes are also matched for sensitive variables so that appropriate variable id is assigned to Resource ID.
---
 octopusdeploy/resource_variable.go | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/octopusdeploy/resource_variable.go b/octopusdeploy/resource_variable.go
index dcb8db8c5..1a9dae767 100644
--- a/octopusdeploy/resource_variable.go
+++ b/octopusdeploy/resource_variable.go
@@ -82,11 +82,27 @@ func resourceVariableCreate(ctx context.Context, d *schema.ResourceData, m inter
 
 for _, v := range variableSet.Variables {
 if v.Name == variable.Name && v.Type == variable.Type && (v.IsSensitive || v.Value == variable.Value) && v.Description == variable.Description && v.IsSensitive == variable.IsSensitive {
- scopeMatches, _, err := variables.MatchesScope(v.Scope, &variable.Scope)
+ atleastOneScopeMatched, matchedScopes, err := variables.MatchesScope(v.Scope, &variable.Scope)
 if err != nil {
 return diag.FromErr(err)
 }
- if scopeMatches {
+
+ if atleastOneScopeMatched {
+ // when the variable is sensitive, make sure all the scopes are matching.
+ if v.IsSensitive {
+ _, allEnvironmentsMatch := validateAllSliceItemsInSlice(variable.Scope.Environments, matchedScopes.Environments)
+ _, allRolesMatch := validateAllSliceItemsInSlice(variable.Scope.Roles, matchedScopes.Roles)
+ _, allMachinesMatch := validateAllSliceItemsInSlice(variable.Scope.Machines, matchedScopes.Machines)
+ _, allActionsMatch := validateAllSliceItemsInSlice(variable.Scope.Actions, matchedScopes.Actions)
+ _, allChannelsMatch := validateAllSliceItemsInSlice(variable.Scope.Channels, matchedScopes.Channels)
+ _, allTenantTagsMatch := validateAllSliceItemsInSlice(variable.Scope.TenantTags, matchedScopes.TenantTags)
+ _, allProcessOwnersMatch := validateAllSliceItemsInSlice(variable.Scope.ProcessOwners, matchedScopes.ProcessOwners)
+
+ // if any one of the scopes does not match then continue to next variable in the variable set.
+ if !(allEnvironmentsMatch && allRolesMatch && allMachinesMatch && allActionsMatch && allChannelsMatch && allTenantTagsMatch && allProcessOwnersMatch) {
+ continue
+ }
+ }
 d.SetId(v.ID)
 log.Printf("[INFO] variable created (%s)", d.Id())
 return nil
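Review bot: The added all-scopes check for sensitive variables looks one-directional: each `validateAllSliceItemsInSlice(variable.Scope.X, matchedScopes.X)` call appears to confirm that every requested scope value was matched, but nothing confirms that the candidate `v.Scope` carries no extra values. Assuming the helper tests that its first slice is contained in its second, a sensitive variable whose scope is a superset of the requested one (same name, type and description) would still pass, and `d.SetId(v.ID)` would record its ID in state, so later updates or deletes would act on a different secret. Consider also requiring equal sizes per dimension, e.g. `len(v.Scope.Environments) == len(variable.Scope.Environments)` and likewise for the other six scope fields, and adding a test for the superset case. `MatchesScope` and `validateAllSliceItemsInSlice` are defined outside this hunk, and resourceVariableCreate starts and ends outside it, so this should be confirmed against their implementations.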