Skip to content

Comments

Update key_prefix resource to only write updated keys#456

Open
mbillow wants to merge 1 commit intohashicorp:mainfrom
mbillow:only-write-key-prefix-updates
Open

Update key_prefix resource to only write updated keys#456
mbillow wants to merge 1 commit intohashicorp:mainfrom
mbillow:only-write-key-prefix-updates

Conversation

@mbillow
Copy link

@mbillow mbillow commented Sep 16, 2025

Overview

Currently the consul_key_prefix resource reads all of the keys from Consul, compares this against the provided configuration, and rewrites all of the existing keys whether they have been updated or not. This is causes a large amount of needless writes when the resource is used to manage keys at scale. This change simply adds validation if a subkey or items in the subkeys map are in the correct state and skips them in the update stage.

This change also makes the change plans that Terraform generates match the eventual API calls made to Consul.

Previously, this change actually made 9 API calls, now it properly makes 2, like the plan suggests:

Terraform will perform the following actions:

  # consul_key_prefix.myapp_config will be updated in-place
  ~ resource "consul_key_prefix" "myapp_config" {
        id          = "myapp/config/"
      ~ subkeys     = {
          - "gux" = "gux" -> null
          + "hux" = "hux"
            # (7 unchanged elements hidden)
        }
        # (2 unchanged attributes hidden)
    }

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.

  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

  • If applicable, I've documented the impact of any changes to security controls.

    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@mbillow mbillow requested a review from a team as a code owner September 16, 2025 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant