From 651cbbd85894b7140f20fe2de472179986b5c198 Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 11:23:23 -0700 Subject: [PATCH 1/8] remove ephemeral attributes section from resource.go.tmpl --- .../templates/terraform/resource.html.markdown.tmpl | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/mmv1/templates/terraform/resource.html.markdown.tmpl b/mmv1/templates/terraform/resource.html.markdown.tmpl index bf0a55c4c680..d8efe2fdf92a 100644 --- a/mmv1/templates/terraform/resource.html.markdown.tmpl +++ b/mmv1/templates/terraform/resource.html.markdown.tmpl @@ -124,19 +124,6 @@ The following arguments are supported: {{- end}} {{- end }} {{- "" }} -{{- if $.WriteOnlyProps }} -## Ephemeral Attributes Reference - -The following write-only attributes are supported: -{{ range $p := $.RootProperties }} - {{- if or $p.WriteOnlyLegacy $p.WriteOnly }} -{{- trimTemplate "property_documentation.html.markdown.tmpl" $p }} - {{- end}} -{{- end }} -{{ range $p := $.AllUserProperties }} -{{- trimTemplate "nested_property_write_only_documentation.html.markdown.tmpl" $p }} -{{- end }} -{{- end }} ## Attributes Reference In addition to the arguments listed above, the following computed attributes are exported: From 50725bca2be401f7be5d60544a2ff4bc3cae1036 Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 11:43:35 -0700 Subject: [PATCH 2/8] isnt needed since the note is added in property_documentation.html.markdown --- mmv1/api/resource.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mmv1/api/resource.go b/mmv1/api/resource.go index 47c962e98b51..7bb8fc16c41b 100644 --- a/mmv1/api/resource.go +++ b/mmv1/api/resource.go 
@@ -763,7 +763,6 @@ func deduplicateSliceOfStrings(slice []string) []string { } func buildWriteOnlyField(name string, versionFieldName string, originalField *Type) *Type { - description := fmt.Sprintf("%s Note: This property is write-only and will not be read from the API. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)", originalField.Description) originalFieldLineage := originalField.TerraformLineage() fieldPathCurrentField := strings.ReplaceAll(originalFieldLineage, google.Underscore(originalField.Name), google.Underscore(name)) requiredWith := strings.ReplaceAll(originalFieldLineage, google.Underscore(originalField.Name), google.Underscore(versionFieldName)) @@ -776,7 +775,7 @@ func buildWriteOnlyField(name string, versionFieldName string, originalField *Ty options := []func(*Type){ propertyWithType("String"), propertyWithRequired(false), - propertyWithDescription(description), + propertyWithDescription(originalField.Description), propertyWithWriteOnly(true), propertyWithApiName(apiName), propertyWithIgnoreRead(true), From 12faf58e91b409f6b6c9a4891edea59e9052d41e Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 12:34:48 -0700 Subject: [PATCH 3/8] generate write-only properties in argument section + add One of note for write-only field --- mmv1/api/type.go | 3 +++ .../terraform/property_documentation.html.markdown.tmpl | 4 ++++ mmv1/templates/terraform/resource.html.markdown.tmpl | 4 ++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/mmv1/api/type.go b/mmv1/api/type.go index 106b67d49898..be100e056d1e 100644 --- a/mmv1/api/type.go +++ b/mmv1/api/type.go 
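Review bot: In the `@@ -776,7 +775,7 @@` hunk, `propertyWithDescription(originalField.Description)` removes the pointer to the "updating write-only" guide from every generated write-only field. The template note that replaces it (visible as context in patch 3/8: "This property is write-only and will not be read from the API.") carries no link. These fields mirror sensitive values, so readers should still be told next to the field that editing the value alone does not push a new secret; consider adding the guide link to the template note. The original description is now copied verbatim, so any wording in it about the value being kept in state would also appear on the write-only variant, which is worth checking against the products that use this helper. `buildWriteOnlyField` starts and ends outside the hunk.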
@@ -176,6 +176,9 @@ type Type struct { // For more information, see: https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/write-only-arguments WriteOnly bool `yaml:"write_only,omitempty"` + // Used for generating write-only fields in documentation to be paired with their original fields + NonWriteOnlyApiName string + // TODO: remove this field after all references are migrated // see: https://github.com/GoogleCloudPlatform/magic-modules/pull/14933#pullrequestreview-3166578379 WriteOnlyLegacy bool `yaml:"write_only_legacy,omitempty"` // Adds `WriteOnlyLegacy: true` to the schema diff --git a/mmv1/templates/terraform/property_documentation.html.markdown.tmpl b/mmv1/templates/terraform/property_documentation.html.markdown.tmpl index 8625c579b125..e54f56db9902 100644 --- a/mmv1/templates/terraform/property_documentation.html.markdown.tmpl +++ b/mmv1/templates/terraform/property_documentation.html.markdown.tmpl @@ -13,6 +13,8 @@ {{- else }} {{- if $.Required }} (Required{{ if $.DeprecationMessage }}, Deprecated{{ end }}) + {{- else if or $.WriteOnlyLegacy $.WriteOnly }} + (Optional, Write-Only) {{- else if not $.Output }} (Optional{{ if $.DeprecationMessage }}, Deprecated{{ end }}) {{- else if and $.Output $.ParentMetadata }} @@ -38,6 +40,8 @@ {{- end }} {{- if or $.WriteOnlyLegacy $.WriteOnly }} **Note**: This property is write-only and will not be read from the API. + + * ~> **Note:** One of `{{ underscore $.Name }}` or `{{ underscore $.ApiName }}` can only be set. {{- end }} {{- if and (not $.FlattenObject) $.NestedProperties }} Structure is [documented below](#nested_{{ $.LineageAsSnakeCase}}). diff --git a/mmv1/templates/terraform/resource.html.markdown.tmpl b/mmv1/templates/terraform/resource.html.markdown.tmpl index d8efe2fdf92a..61ec5b0bef86 100644 --- a/mmv1/templates/terraform/resource.html.markdown.tmpl +++ b/mmv1/templates/terraform/resource.html.markdown.tmpl 
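Review bot: The note added in the `@@ -38,6 +40,8 @@` hunk pairs `{{ underscore $.Name }}` with `{{ underscore $.ApiName }}`, but `ApiName` is the API-side name, not the Terraform name of the mirrored argument, so the rendered pair can name a field that does not exist. For `secretDataWo` in SecretVersion.yaml (`api_name: data`, shown later in this series, assuming it is flagged write-only) it would print `secret_data_wo` or `data`, while the argument it actually excludes is `secret_data`. The note is also emitted for every write-only property, whether or not it has a non-write-only counterpart, and the `* ~>` prefix mixes a list bullet with a callout marker, which may not render as a callout. Suggested wording once the counterpart name is derived correctly: "Only one of `a` or `b` can be set."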
@@ -88,13 +88,13 @@ The following arguments are supported: {{ "" }} {{ "" }} {{- range $p := $.RootProperties }} - {{- if and $p.Required (not $p.WriteOnlyLegacy) (not $p.WriteOnly) }} + {{- if and $p.Required }} {{- trimTemplate "property_documentation.html.markdown.tmpl" $p -}} {{- end }} {{- end }} {{ "" }} {{- range $p := $.RootProperties }} - {{- if and (not $p.Required) (not $p.Output) (not $p.WriteOnlyLegacy) (not $p.WriteOnly) }} + {{- if and (not $p.Required) (not $p.Output) }} {{- trimTemplate "property_documentation.html.markdown.tmpl" $p -}} {{- end }} {{- end }} From 22158217a83d1b0aca29a7889d4bf0682c7c89aa Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 12:41:17 -0700 Subject: [PATCH 4/8] remove --- mmv1/api/type.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/mmv1/api/type.go b/mmv1/api/type.go index be100e056d1e..106b67d49898 100644 --- a/mmv1/api/type.go +++ b/mmv1/api/type.go @@ -176,9 +176,6 @@ type Type struct { // For more information, see: https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/write-only-arguments WriteOnly bool `yaml:"write_only,omitempty"` - // Used for generating write-only fields in documentation to be paired with their original fields - NonWriteOnlyApiName string - // TODO: remove this field after all references are migrated // see: https://github.com/GoogleCloudPlatform/magic-modules/pull/14933#pullrequestreview-3166578379 WriteOnlyLegacy bool `yaml:"write_only_legacy,omitempty"` // Adds `WriteOnlyLegacy: true` to the schema From eb947707b608b3a31ec4d6a5415657797ac8521a Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 12:47:27 -0700 Subject: [PATCH 5/8] include required, writeonly case in properties_documentation --- .../terraform/property_documentation.html.markdown.tmpl | 2 ++ 1 file changed, 2 insertions(+) 
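Review bot: `{{- if and $p.Required }}` in the required-arguments loop keeps an `and` with a single operand after the write-only conditions were dropped. It evaluates the same as the bare value, so `{{- if $p.Required }}` states the intent and does not read as if a second condition went missing. With the filter gone, write-only properties are listed among the ordinary arguments, which makes the per-property template the only place that still marks them as write-only.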
diff --git a/mmv1/templates/terraform/property_documentation.html.markdown.tmpl b/mmv1/templates/terraform/property_documentation.html.markdown.tmpl index e54f56db9902..df3fe18fd349 100644 --- a/mmv1/templates/terraform/property_documentation.html.markdown.tmpl +++ b/mmv1/templates/terraform/property_documentation.html.markdown.tmpl @@ -13,6 +13,8 @@ {{- else }} {{- if $.Required }} (Required{{ if $.DeprecationMessage }}, Deprecated{{ end }}) + {{- else if and (or $.WriteOnlyLegacy $.WriteOnly) $.Required }} + (Required, Write-Only) {{- else if or $.WriteOnlyLegacy $.WriteOnly }} (Optional, Write-Only) {{- else if not $.Output }} From 428d3272351ae4fe2a057bcaf6ebd42090412dd2 Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 12:56:26 -0700 Subject: [PATCH 6/8] update note to align with other cloud providers --- mmv1/templates/terraform/resource.html.markdown.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/templates/terraform/resource.html.markdown.tmpl b/mmv1/templates/terraform/resource.html.markdown.tmpl index 61ec5b0bef86..c91d4aeb8e96 100644 --- a/mmv1/templates/terraform/resource.html.markdown.tmpl +++ b/mmv1/templates/terraform/resource.html.markdown.tmpl @@ -59,7 +59,7 @@ values will be stored in the raw state as plain text: {{ $.SensitivePropsToStrin [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data). {{ end }} {{- if $.WriteOnlyProps }} -~> **Note:** All arguments marked as write-only values will not be stored in the state: {{ $.WriteOnlyPropsToString }}. +-> **Note:** All arguments marked as write-only values will not be stored in the state: {{ $.WriteOnlyPropsToString }}. [Read more about Write-only Attributes](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/write-only-arguments). {{ end }} {{- if $.Examples }} From c2408d7fc75b86f6359daa4106b75caca2a38275 Mon Sep 17 00:00:00 2001 
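Review bot: The added `{{- else if and (or $.WriteOnlyLegacy $.WriteOnly) $.Required }}` branch in the `@@ -13,6 +13,8 @@` hunk can never run, because it follows `{{- if $.Required }}`, which already matches every required property; a required write-only argument will still render as `(Required)`. Put the combined test first: `{{- if and $.Required (or $.WriteOnlyLegacy $.WriteOnly) }}`, then `{{- else if $.Required }}`. Both write-only labels also drop the `, Deprecated` suffix that the neighbouring branches add when `$.DeprecationMessage` is set. The if/else chain starts and ends outside the hunk.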
From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 13:06:39 -0700 Subject: [PATCH 7/8] update to refer write-only fields as arguments --- mmv1/api/resource.go | 2 +- .../products/bigquerydatatransfer/Config.yaml | 2 +- .../products/secretmanager/SecretVersion.yaml | 4 +-- .../terraform/resource.html.markdown.tmpl | 2 +- .../service_account_id_token.html.markdown | 4 +-- .../service_account_jwt.html.markdown | 2 +- .../service_account_key.html.markdown | 2 +- .../using_ephemeral_resources.html.markdown | 2 +- ...using_write_only_arguements.html.markdown} | 32 +++++++++---------- 9 files changed, 26 insertions(+), 26 deletions(-) rename mmv1/third_party/terraform/website/docs/guides/{using_write_only_attributes.html.markdown => using_write_only_arguements.html.markdown} (65%) diff --git a/mmv1/api/resource.go b/mmv1/api/resource.go index 7bb8fc16c41b..67ce3e721d31 100644 --- a/mmv1/api/resource.go +++ b/mmv1/api/resource.go @@ -801,7 +801,7 @@ func buildWriteOnlyField(name string, versionFieldName string, originalField *Ty } func buildWriteOnlyVersionField(name string, originalField *Type, writeOnlyField *Type) *Type { - description := fmt.Sprintf("Triggers update of %s write-only. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)", google.Underscore(writeOnlyField.Name)) + description := fmt.Sprintf("Triggers update of %s write-only. For more info see [updating write-only arguments](/docs/providers/google/guides/using_write_only_arguments.html#updating-write-only-arguments)", google.Underscore(writeOnlyField.Name)) requiredWith := strings.ReplaceAll(originalField.TerraformLineage(), google.Underscore(originalField.Name), google.Underscore(writeOnlyField.Name)) options := []func(*Type){ diff --git a/mmv1/products/bigquerydatatransfer/Config.yaml b/mmv1/products/bigquerydatatransfer/Config.yaml index 873f4987a0a6..2fb4a9a6341c 100644 
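Review bot: The new link target in `buildWriteOnlyVersionField`, `/docs/providers/google/guides/using_write_only_arguments.html`, does not match the file this patch renames the guide to, `using_write_only_arguements.html.markdown` (extra `e`), so the link will presumably not resolve once the docs are published. The same target is used in the Config.yaml and SecretVersion.yaml descriptions changed in this patch. Renaming the guide to `using_write_only_arguments.html.markdown` fixes all of them at once. The visible link texts `write-only arguements` in Config.yaml and `Write-only Arguements` in resource.html.markdown.tmpl carry the same misspelling. The function body continues outside the hunk.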
--- a/mmv1/products/bigquerydatatransfer/Config.yaml +++ b/mmv1/products/bigquerydatatransfer/Config.yaml @@ -228,7 +228,7 @@ properties: required_with: - 'sensitive_params.0.secretAccessKeyWo' description: | - The version of the sensitive params - used to trigger updates of the write-only params. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes) + The version of the sensitive params - used to trigger updates of the write-only params. For more info see [updating write-only arguements](/docs/providers/google/guides/using_write_only_arguments.html#updating-write-only-arguments) - name: 'secretAccessKey' type: String description: | diff --git a/mmv1/products/secretmanager/SecretVersion.yaml b/mmv1/products/secretmanager/SecretVersion.yaml index 41cd710ee90c..d4f7edb02525 100644 --- a/mmv1/products/secretmanager/SecretVersion.yaml +++ b/mmv1/products/secretmanager/SecretVersion.yaml @@ -166,7 +166,7 @@ properties: sensitive: true - name: 'secretDataWo' type: String - description: The secret data. Must be no larger than 64KiB. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes) + description: The secret data. Must be no larger than 64KiB. For more info see [updating write-only arguments](/docs/providers/google/guides/using_write_only_arguments.html#updating-write-only-arguments) api_name: data required_with: - 'SecretDataWoVersion' 
@@ -177,5 +177,5 @@ properties: type: Integer default_value: 0 url_param_only: true - description: Triggers update of secret data write-only. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes) + description: Triggers update of secret data write-only. For more info see [updating write-only arguments](/docs/providers/google/guides/using_write_only_arguments.html#updating-write-only-arguments) immutable: true diff --git a/mmv1/templates/terraform/resource.html.markdown.tmpl b/mmv1/templates/terraform/resource.html.markdown.tmpl index c91d4aeb8e96..89a507e0d94b 100644 --- a/mmv1/templates/terraform/resource.html.markdown.tmpl +++ b/mmv1/templates/terraform/resource.html.markdown.tmpl @@ -60,7 +60,7 @@ values will be stored in the raw state as plain text: {{ $.SensitivePropsToStrin {{ end }} {{- if $.WriteOnlyProps }} -> **Note:** All arguments marked as write-only values will not be stored in the state: {{ $.WriteOnlyPropsToString }}. -[Read more about Write-only Attributes](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/write-only-arguments). +[Read more about Write-only Arguements](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/write-only-arguments). {{ end }} {{- if $.Examples }} {{- range $e := $.Examples }} diff --git a/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_id_token.html.markdown b/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_id_token.html.markdown index 0e9e15b5cf8a..3b190b6b9bf6 100644 --- a/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_id_token.html.markdown +++ b/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_id_token.html.markdown 
@@ -13,7 +13,7 @@ For more information see ## Example Usage - ServiceAccount JSON credential file. --> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_id_token.oidc in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only attributes are added to resources in the Google provider, ephemeral resources such as google_service_account_id_token could be used to set field values when creating managed resources. +-> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_id_token.oidc in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only arguments are added to resources in the Google provider, ephemeral resources such as google_service_account_id_token could be used to set field values when creating managed resources. `google_service_account_id_token` will use the configured [provider credentials](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#credentials-1) 
@@ -25,7 +25,7 @@ For more information see ## Example Usage - Service Account Impersonation. --> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_id_token.oidc in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only attributes are added to resources in the Google provider, ephemeral resources such as google_service_account_id_token could be used to set field values when creating managed resources. +-> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_id_token.oidc in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only arguments are added to resources in the Google provider, ephemeral resources such as google_service_account_id_token could be used to set field values when creating managed resources. Ephemeral resource `google_service_account_id_token` will use background impersonated credentials provided by [google_service_account_access_token](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/service_account_access_token). diff --git a/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_jwt.html.markdown b/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_jwt.html.markdown index ef0f90a609e1..b7e38d53e4da 100644 --- a/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_jwt.html.markdown +++ b/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_jwt.html.markdown 
@@ -10,7 +10,7 @@ This ephemeral resource provides a [self-signed JWT](https://cloud.google.com/ia ## Example Usage --> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_jwt.foo in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only attributes are added to resources in the Google provider, ephemeral resources such as google_service_account_jwt could be used to set field values when creating managed resources. +-> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_jwt.foo in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only arguments are added to resources in the Google provider, ephemeral resources such as google_service_account_jwt could be used to set field values when creating managed resources. Note: in order to use the following, the caller must have _at least_ `roles/iam.serviceAccountTokenCreator` on the `target_service_account`. diff --git a/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_key.html.markdown b/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_key.html.markdown index 43b2cef15938..02b58d22874f 100644 --- a/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_key.html.markdown +++ b/mmv1/third_party/terraform/website/docs/ephemeral-resources/service_account_key.html.markdown 
@@ -10,7 +10,7 @@ Get an ephemeral service account public key. For more information, see [the offi ## Example Usage --> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_key.mykey in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only attributes are added to resources in the Google provider, ephemeral resources such as google_service_account_key could be used to set field values when creating managed resources. +-> **Note:** If you run this example configuration you will be able to see ephemeral.google_service_account_key.mykey in terraform plan and apply terminal output but you will not see it in state, as ephemeral resources are excluded from state. In future, when write-only arguments are added to resources in the Google provider, ephemeral resources such as google_service_account_key could be used to set field values when creating managed resources. ```hcl diff --git a/mmv1/third_party/terraform/website/docs/guides/using_ephemeral_resources.html.markdown b/mmv1/third_party/terraform/website/docs/guides/using_ephemeral_resources.html.markdown index dde065e489d0..7fae9c547b5c 100644 --- a/mmv1/third_party/terraform/website/docs/guides/using_ephemeral_resources.html.markdown +++ b/mmv1/third_party/terraform/website/docs/guides/using_ephemeral_resources.html.markdown 
@@ -20,7 +20,7 @@ These are based on existing data sources already in the provider. In future you ## Use the Google Cloud provider's new ephemeral resources -Ephemeral resources are a source of ephemeral data, and they can be referenced in your configuration just like the attributes of resources and data sources. However, a field that references an ephemeral resource must be capable of handling ephemeral data. Due to this, resources in the Google Cloud provider will need to be updated so they include write-only attributes that are capable of using ephemeral data while not storing those values in the resource's state. +Ephemeral resources are a source of ephemeral data, and they can be referenced in your configuration just like the attributes of resources and data sources. However, a field that references an ephemeral resource must be capable of handling ephemeral data. Due to this, resources in the Google Cloud provider will need to be updated so they include write-only arguments that are capable of using ephemeral data while not storing those values in the resource's state. Until then, ephemeral resources can only be used to pass values into the provider block, which is already capable of receiving ephemeral values. diff --git a/mmv1/third_party/terraform/website/docs/guides/using_write_only_attributes.html.markdown b/mmv1/third_party/terraform/website/docs/guides/using_write_only_arguements.html.markdown similarity index 65% rename from mmv1/third_party/terraform/website/docs/guides/using_write_only_attributes.html.markdown rename to mmv1/third_party/terraform/website/docs/guides/using_write_only_arguements.html.markdown index cc90f4e620c3..922b4b9d9f4e 100644 --- a/mmv1/third_party/terraform/website/docs/guides/using_write_only_attributes.html.markdown +++ b/mmv1/third_party/terraform/website/docs/guides/using_write_only_arguements.html.markdown 
@@ -1,29 +1,29 @@ --- -page_title: "Use write-only attributes in the Google Cloud provider" +page_title: "Use write-only arguments in the Google Cloud provider" description: |- - How to use write-only attributes in the Google Cloud provider + How to use write-only arguments in the Google Cloud provider --- -# Write-only attributes in the Google Cloud provider +# Write-only arguments in the Google Cloud provider -The Google Cloud provider has introduced new write-only attributes for a more secure way to manage data. The new `WriteOnly` attribute accepts values from configuration and will not be stored in plan or state providing an additional layer of security and control over data access. +The Google Cloud provider has introduced new write-only arguments for a more secure way to manage data. The new `WriteOnly` attribute accepts values from configuration and will not be stored in plan or state providing an additional layer of security and control over data access. -For more information, see the [official HashiCorp documentation for Write-only Attributes](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/write-only-arguments). +For more information, see the [official HashiCorp documentation for Write-only Arguments](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/write-only-arguments). 
-The Google Cloud provider has added the following write-only attributes: +The Google Cloud provider has added the following write-only arguments: - [`google_sql_user: password_wo`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user#password-1) - [`google_secret_manager_secret_version: secret_data_wo`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_version#secret_data_wo) - [`google_bigquery_data_transfer_config: sensitive_params.secret_access_key_wo`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_data_transfer_config#secret_access_key_wo) -These were chosen due to them being marked as sensitive already in the provider. Although sensitive attributes do not appear in `terraform plan`, they are still stored in the Terraform state. Write-only attributes allow users to access and use data in their configurations without that data being stored in Terraform state. +These were chosen due to them being marked as sensitive already in the provider. Although sensitive arguments do not appear in `terraform plan`, they are still stored in the Terraform state. Write-only arguments allow users to access and use data in their configurations without that data being stored in Terraform state. -## Use the Google Cloud provider's new write-only attributes +## Use the Google Cloud provider's new write-only arguments -The following sections show how to use the new write-only attributes in the Google Cloud provider. +The following sections show how to use the new write-only argument in the Google Cloud provider. -### Applying a write-only attribute +### Applying a write-only argument -The following example shows how to apply a write-only attribute. All write-only attributes are marked with the `wo` suffix and can not be used with the attribute that it's mirroring. For example, `secret_data_wo` can not be used with `secret_data`. 
+The following example shows how to apply a write-only argument. All write-only arguments are marked with the `wo` suffix and can not be used with the argument that it's mirroring. For example, `secret_data_wo` can not be used with `secret_data`. ```hcl resource "google_sql_database_instance" "instance" { @@ -44,7 +44,7 @@ resource "google_sql_user" "user1" { } ``` -During `terraform plan` you will see that the write-only attribute is marked appropriately: +During `terraform plan` you will see that the write-only argument is marked appropriately: ``` # google_sql_user.user1 will be created @@ -88,11 +88,11 @@ Upon `terrform apply` you will see in `terraform.tfstate` that the write-only at }, ``` -Any value that is set for a write-only attribute is nulled out before the RPC response is sent to Terraform. +Any value that is set for a write-only argument is nulled out before the RPC response is sent to Terraform. -### Updating write-only attributes +### Updating write-only arguments -Since write-only attributes are not stored in the Terraform state, they cannot be updated by just changing the value in the configuration due to the attribute being nulled out. +Since write-only arguments are not stored in the Terraform state, they cannot be updated by just changing the value in the configuration due to the attribute being nulled out. In order to update a write-only attribute we must change the write-only attribute's version. @@ -106,7 +106,7 @@ resource "google_sql_user" "user1" { } ``` -A `terraform apply` of this configuration will allow you to update the write-only attribute despite the new value not being shown in the plan. +A `terraform apply` of this configuration will allow you to update the write-only argument despite the new value not being shown in the plan. ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: 
From 6e1761035a35d375b96f3a90f6e3d13ffd7eba4d Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 13:09:05 -0700 Subject: [PATCH 8/8] update to write-only version field description --- mmv1/api/resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/api/resource.go b/mmv1/api/resource.go index 67ce3e721d31..0976430db7bd 100644 --- a/mmv1/api/resource.go +++ b/mmv1/api/resource.go @@ -801,7 +801,7 @@ func buildWriteOnlyField(name string, versionFieldName string, originalField *Ty } func buildWriteOnlyVersionField(name string, originalField *Type, writeOnlyField *Type) *Type { - description := fmt.Sprintf("Triggers update of %s write-only. For more info see [updating write-only arguments](/docs/providers/google/guides/using_write_only_arguments.html#updating-write-only-arguments)", google.Underscore(writeOnlyField.Name)) + description := fmt.Sprintf("Triggers update of `%s` write-only. Increment this value when an update to `%s` is needed. For more info see [updating write-only arguments](/docs/providers/google/guides/using_write_only_arguments.html#updating-write-only-arguments)", google.Underscore(writeOnlyField.Name), google.Underscore(writeOnlyField.Name)) requiredWith := strings.ReplaceAll(originalField.TerraformLineage(), google.Underscore(originalField.Name), google.Underscore(writeOnlyField.Name)) options := []func(*Type){
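Review bot: The rewritten `description` passes `google.Underscore(writeOnlyField.Name)` twice to fill two `%s` verbs; using the indexed verb `%[1]s` for both placeholders lets the name be passed once and makes it explicit that both refer to the same field. The first sentence of the string still ends in "write-only." with no noun after it, so it reads as incomplete in the generated docs; "Triggers an update of the write-only argument" followed by the field name would be clearer. The function body continues outside the hunk.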