fix: do not null fields if Argo CD API doesn't return fields

Potentially fixes #697.

Signed-off-by: Blake Pettersson <[email protected]>

Author: blakepettersson

internal/provider/model_repository.go

@@ -224,24 +224,24 @@ func newRepositoryModel(repo *v1alpha1.Repository) *repositoryModel {
 		model.Username = types.StringNull()
 	}
 
+	// Note: ArgoCD API may not return GitHub App enterprise base URL for security reasons,
+	// so we only set the value if it's explicitly returned, otherwise leave it as is
 	if repo.GitHubAppEnterpriseBaseURL != "" {
 		model.GitHubAppEnterpriseBaseURL = types.StringValue(repo.GitHubAppEnterpriseBaseURL)
-	} else {
-		model.GitHubAppEnterpriseBaseURL = types.StringNull()
 	}
 
 	// Handle GitHub App ID conversion
+	// Note: ArgoCD API does not return GitHub App authentication fields for security reasons,
+	// so we only set the value if it's explicitly returned (> 0), otherwise leave it as is
 	if repo.GithubAppId > 0 {
 		model.GitHubAppID = types.StringValue(strconv.FormatInt(repo.GithubAppId, 10))
-	} else {
-		model.GitHubAppID = types.StringNull()
 	}
 
 	// Handle GitHub App Installation ID conversion
+	// Note: ArgoCD API does not return GitHub App authentication fields for security reasons,
+	// so we only set the value if it's explicitly returned (> 0), otherwise leave it as is
 	if repo.GithubAppInstallationId > 0 {
 		model.GitHubAppInstallationID = types.StringValue(strconv.FormatInt(repo.GithubAppInstallationId, 10))
-	} else {
-		model.GitHubAppInstallationID = types.StringNull()
 	}
 
 	// Handle credentials based on inheritance

internal/provider/resource_repository.go

@@ -138,6 +138,34 @@ func (r *repositoryResource) Create(ctx context.Context, req resource.CreateRequ
 	result.TLSClientCertKey = data.TLSClientCertKey
 	result.GitHubAppPrivateKey = data.GitHubAppPrivateKey
 
+	// Preserve GitHub App authentication fields from the original configuration since ArgoCD API doesn't return them
+	if !data.GitHubAppID.IsNull() && !data.GitHubAppID.IsUnknown() {
+		result.GitHubAppID = data.GitHubAppID
+	}
+
+	if !data.GitHubAppInstallationID.IsNull() && !data.GitHubAppInstallationID.IsUnknown() {
+		result.GitHubAppInstallationID = data.GitHubAppInstallationID
+	}
+
+	if !data.GitHubAppEnterpriseBaseURL.IsNull() && !data.GitHubAppEnterpriseBaseURL.IsUnknown() {
+		result.GitHubAppEnterpriseBaseURL = data.GitHubAppEnterpriseBaseURL
+	}
+
+	// Preserve name field from the original configuration to handle empty string vs null properly
+	if !data.Name.IsNull() && !data.Name.IsUnknown() {
+		result.Name = data.Name
+	}
+
+	// Preserve TLS client cert data from the original configuration since ArgoCD API doesn't return it
+	if !data.TLSClientCertData.IsNull() && !data.TLSClientCertData.IsUnknown() {
+		result.TLSClientCertData = data.TLSClientCertData
+	}
+
+	// Preserve username from the original configuration if ArgoCD API doesn't return it
+	if !data.Username.IsNull() && !data.Username.IsUnknown() {
+		result.Username = data.Username
+	}
+
 	// Save data into Terraform state
 	resp.Diagnostics.Append(resp.State.Set(ctx, result)...)
 
@@ -187,6 +215,34 @@ func (r *repositoryResource) Read(ctx context.Context, req resource.ReadRequest,
 	result.TLSClientCertKey = data.TLSClientCertKey
 	result.GitHubAppPrivateKey = data.GitHubAppPrivateKey
 
+	// Preserve GitHub App authentication fields from the original state since ArgoCD API doesn't return them
+	if !data.GitHubAppID.IsNull() && !data.GitHubAppID.IsUnknown() {
+		result.GitHubAppID = data.GitHubAppID
+	}
+
+	if !data.GitHubAppInstallationID.IsNull() && !data.GitHubAppInstallationID.IsUnknown() {
+		result.GitHubAppInstallationID = data.GitHubAppInstallationID
+	}
+
+	if !data.GitHubAppEnterpriseBaseURL.IsNull() && !data.GitHubAppEnterpriseBaseURL.IsUnknown() {
+		result.GitHubAppEnterpriseBaseURL = data.GitHubAppEnterpriseBaseURL
+	}
+
+	// Preserve name field from the original configuration to handle empty string vs null properly
+	if !data.Name.IsNull() && !data.Name.IsUnknown() {
+		result.Name = data.Name
+	}
+
+	// Preserve TLS client cert data from the original configuration since ArgoCD API doesn't return it
+	if !data.TLSClientCertData.IsNull() && !data.TLSClientCertData.IsUnknown() {
+		result.TLSClientCertData = data.TLSClientCertData
+	}
+
+	// Preserve username from the original configuration if ArgoCD API doesn't return it
+	if !data.Username.IsNull() && !data.Username.IsUnknown() {
+		result.Username = data.Username
+	}
+
 	// Save updated data into Terraform state
 	resp.Diagnostics.Append(resp.State.Set(ctx, result)...)
 }
@@ -252,6 +308,34 @@ func (r *repositoryResource) Update(ctx context.Context, req resource.UpdateRequ
 	result.TLSClientCertKey = data.TLSClientCertKey
 	result.GitHubAppPrivateKey = data.GitHubAppPrivateKey
 
+	// Preserve GitHub App authentication fields from the original configuration since ArgoCD API doesn't return them
+	if !data.GitHubAppID.IsNull() && !data.GitHubAppID.IsUnknown() {
+		result.GitHubAppID = data.GitHubAppID
+	}
+
+	if !data.GitHubAppInstallationID.IsNull() && !data.GitHubAppInstallationID.IsUnknown() {
+		result.GitHubAppInstallationID = data.GitHubAppInstallationID
+	}
+
+	if !data.GitHubAppEnterpriseBaseURL.IsNull() && !data.GitHubAppEnterpriseBaseURL.IsUnknown() {
+		result.GitHubAppEnterpriseBaseURL = data.GitHubAppEnterpriseBaseURL
+	}
+
+	// Preserve name field from the original configuration to handle empty string vs null properly
+	if !data.Name.IsNull() && !data.Name.IsUnknown() {
+		result.Name = data.Name
+	}
+
+	// Preserve TLS client cert data from the original configuration since ArgoCD API doesn't return it
+	if !data.TLSClientCertData.IsNull() && !data.TLSClientCertData.IsUnknown() {
+		result.TLSClientCertData = data.TLSClientCertData
+	}
+
+	// Preserve username from the original configuration if ArgoCD API doesn't return it
+	if !data.Username.IsNull() && !data.Username.IsUnknown() {
+		result.Username = data.Username
+	}
+
 	// Save updated data into Terraform state
 	resp.Diagnostics.Append(resp.State.Set(ctx, result)...)
 }

internal/provider/resource_repository_certificate_test.go

@@ -494,3 +494,124 @@ func getSshKeysForHost(host string) ([]string, error) {
 
 	return subTypesKeys, nil
 }
+
+// TestAccArgoCDRepositoryCertificate_SSHConsistency tests consistency of SSH certificate fields
+func TestAccArgoCDRepositoryCertificate_SSHConsistency(t *testing.T) {
+	serverName := acctest.RandomWithPrefix("ssh-test")
+
+	config := testAccArgoCDRepositoryCertificatesSSH(
+		serverName,
+		"ssh-rsa",
+		"AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==",
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"ssh.0.server_name",
+						serverName,
+					),
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"ssh.0.cert_subtype",
+						"ssh-rsa",
+					),
+					resource.TestCheckResourceAttrSet(
+						"argocd_repository_certificate.simple",
+						"ssh.0.cert_info",
+					),
+				),
+			},
+			{
+				// Apply the same configuration again to test for consistency
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"ssh.0.server_name",
+						serverName,
+					),
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"ssh.0.cert_subtype",
+						"ssh-rsa",
+					),
+					resource.TestCheckResourceAttrSet(
+						"argocd_repository_certificate.simple",
+						"ssh.0.cert_info",
+					),
+				),
+			},
+		},
+	})
+}
+
+// TestAccArgoCDRepositoryCertificate_HTTPSConsistency tests consistency of HTTPS certificate fields
+func TestAccArgoCDRepositoryCertificate_HTTPSConsistency(t *testing.T) {
+	serverName := acctest.RandomWithPrefix("https-test")
+	certData := "-----BEGIN CERTIFICATE-----\nMIIFajCCBPCgAwIBAgIQBRiaVOvox+kD4KsNklVF3jAKBggqhkjOPQQDAzBWMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp\nQ2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjIwMzE1MDAw\nMDAwWhcNMjMwMzE1MjM1OTU5WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs\naWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHVi\nLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAESrCTcYUh7GI/y3TARsjnANwnSjJLitVRgwgRI1JlxZ1kdZQQn5ltP3v7\nKTtYuDdUeEu3PRx3fpDdu2cjMlyA0aOCA44wggOKMB8GA1UdIwQYMBaAFAq8CCkX\njKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBR4qnLGcWloFLVZsZ6LbitAh0I7HjAl\nBgNVHREEHjAcggpnaXRodWIuY29tgg53d3cuZ2l0aHViLmNvbTAOBgNVHQ8BAf8E\nBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGbBgNVHR8EgZMw\ngZAwRqBEoEKGQGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5\nYnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5jcmwwRqBEoEKGQGh0dHA6Ly9jcmw0LmRp\nZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5j\ncmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3\ndy5kaWdpY2VydC5jb20vQ1BTMIGFBggrBgEFBQcBAQR5MHcwJAYIKwYBBQUHMAGG\nGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZDaHR0cDovL2Nh\nY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAy\nMENBMS0xLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA\ndgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX+Oi8SRAAAEAwBH\nMEUCIAR9cNnvYkZeKs9JElpeXwztYB2yLhtc8bB0rY2ke98nAiEAjiML8HZ7aeVE\nP/DkUltwIS4c73VVrG9JguoRrII7gWMAdwA1zxkbv7FsV78PrUxtQsu7ticgJlHq\nP+Eq76gDwzvWTAAAAX+Oi8R7AAAEAwBIMEYCIQDNckqvBhup7GpANMf0WPueytL8\nu/PBaIAObzNZeNMpOgIhAMjfEtE6AJ2fTjYCFh/BNVKk1mkTwBTavJlGmWomQyaB\nAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF/jovErAAABAMA\nRzBFAiEA9Uj5Ed/XjQpj/MxQRQjzG0UFQLmgWlc73nnt3CJ7vskCICqHfBKlDz7R\nEHdV5Vk8bLMBW1Q6S7Ga2SbFuoVXs6zFMAoGCCqGSM49BAMDA2gAMGUCMCiVhqft\n7L/stBmv1XqSRNfE/jG/AqKIbmjGTocNbuQ7kt1Cs7kRg+b3b3C9Ipu5FQIxAM7c\ntGKrYDGt0pH8iF6rzbp9Q4HQXMZXkNxg+brjWxnaOVGTDNwNH7048+s/hT9bUQ==\n-----END CERTIFICATE-----"
+
+	config := testAccArgoCDRepositoryCertificateHttps(serverName, certData)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"https.0.server_name",
+						serverName,
+					),
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"https.0.cert_data",
+						certData,
+					),
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"https.0.cert_subtype",
+						"ecdsa",
+					),
+					resource.TestCheckResourceAttrSet(
+						"argocd_repository_certificate.simple",
+						"https.0.cert_info",
+					),
+				),
+			},
+			{
+				// Apply the same configuration again to test for consistency
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"https.0.server_name",
+						serverName,
+					),
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"https.0.cert_data",
+						certData,
+					),
+					resource.TestCheckResourceAttr(
+						"argocd_repository_certificate.simple",
+						"https.0.cert_subtype",
+						"ecdsa",
+					),
+					resource.TestCheckResourceAttrSet(
+						"argocd_repository_certificate.simple",
+						"https.0.cert_info",
+					),
+				),
+			},
+		},
+	})
+}

internal/provider/resource_repository_credentials_test.go

@@ -175,6 +175,106 @@ func generateSSHPrivateKey() (privateKey string, err error) {
 	return string(pem.EncodeToMemory(&privBlock)), nil
 }
 
+func TestAccArgoCDRepositoryCredentials_UsernamePasswordConsistency(t *testing.T) {
+	config := testAccArgoCDRepositoryCredentialsSimple(
+		"https://github.com/argoproj-labs/terraform-provider-argocd",
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_repository_credentials.simple", "url", "https://github.com/argoproj-labs/terraform-provider-argocd"),
+				),
+			},
+			{
+				// Apply the same configuration again to test for consistency
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_repository_credentials.simple", "url", "https://github.com/argoproj-labs/terraform-provider-argocd"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccArgoCDRepositoryCredentials_SSHConsistency(t *testing.T) {
+	sshPrivateKey, err := generateSSHPrivateKey()
+	assert.NoError(t, err)
+
+	config := testAccArgoCDRepositoryCredentialsSSH(
+		"https://private-git-repository.argocd.svc.cluster.local/project-1.git",
+		"git",
+		sshPrivateKey,
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_repository_credentials.simple", "url", "https://private-git-repository.argocd.svc.cluster.local/project-1.git"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.simple", "username", "git"),
+					resource.TestCheckResourceAttrSet("argocd_repository_credentials.simple", "ssh_private_key"),
+				),
+			},
+			{
+				// Apply the same configuration again to test for consistency
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_repository_credentials.simple", "url", "https://private-git-repository.argocd.svc.cluster.local/project-1.git"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.simple", "username", "git"),
+					resource.TestCheckResourceAttrSet("argocd_repository_credentials.simple", "ssh_private_key"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccArgoCDRepositoryCredentials_GitHubAppConsistency(t *testing.T) {
+	sshPrivateKey, err := generateSSHPrivateKey()
+	assert.NoError(t, err)
+
+	config := testAccArgoCDRepositoryCredentialsGitHubApp(
+		"https://private-git-repository.argocd.svc.cluster.local/project-1.git",
+		"123456",
+		"987654321",
+		"https://ghe.example.com/api/v3",
+		sshPrivateKey,
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "url", "https://private-git-repository.argocd.svc.cluster.local/project-1.git"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "githubapp_id", "123456"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "githubapp_installation_id", "987654321"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "githubapp_enterprise_base_url", "https://ghe.example.com/api/v3"),
+				),
+			},
+			{
+				// Apply the same configuration again to test for consistency
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "url", "https://private-git-repository.argocd.svc.cluster.local/project-1.git"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "githubapp_id", "123456"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "githubapp_installation_id", "987654321"),
+					resource.TestCheckResourceAttr("argocd_repository_credentials.githubapp", "githubapp_enterprise_base_url", "https://ghe.example.com/api/v3"),
+				),
+			},
+		},
+	})
+}
+
 func testCheckMultipleResourceAttr(name, key, value string, count int) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		for i := 0; i < count; i++ {