Merge pull request #572 from hashicorp/docs/password-keepers

Document `keepers` property for application and service principal passwords
hashicorp · Sep 22, 2021 · 84797b1 · 84797b1
2 parents f561c13 + 43c7225
commit 84797b1
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 4 deletions.
diff --git a/docs/resources/application_password.md b/docs/resources/application_password.md
@@ -43,7 +43,7 @@ resource "time_rotating" "example" {
 
 resource "azuread_application_password" "example" {
   application_object_id = azuread_application.example.object_id
-  keepers = {
+  rotate_when_changed = {
     rotation = time_rotating.example.id
   }
 }
@@ -57,6 +57,7 @@ The following arguments are supported:
 * `display_name` - (Optional) A display name for the password.
 * `end_date` - (Optional) The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
 * `end_date_relative` - (Optional) A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
+* `rotate_when_changed` - (Optional) A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
 * `start_date` - (Optional) The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.
 
 ## Attributes Reference

diff --git a/docs/resources/service_principal_password.md b/docs/resources/service_principal_password.md
@@ -49,7 +49,7 @@ resource "time_rotating" "example" {
 
 resource "azuread_service_principal_password" "example" {
   service_principal_id = azuread_service_principal.example.object_id
-  keepers = {
+  rotate_when_changed = {
     rotation = time_rotating.example.id
   }
 }
@@ -60,6 +60,7 @@ resource "azuread_service_principal_password" "example" {
 
 The following arguments are supported:
 
+* `rotate_when_changed` - (Optional) A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
 * `service_principal_id` - (Required) The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.
 
 ## Attributes Reference

diff --git a/internal/services/applications/application_password_resource.go b/internal/services/applications/application_password_resource.go
@@ -90,7 +90,7 @@ func applicationPasswordResource() *schema.Resource {
 				ValidateDiagFunc: validate.NoEmptyStrings,
 			},
 
-			"keepers": {
+			"rotate_when_changed": {
 				Description: "Arbitrary map of values that, when changed, will trigger rotation of the password",
 				Type:        schema.TypeMap,
 				Optional:    true,

diff --git a/internal/services/serviceprincipals/service_principal_password_resource.go b/internal/services/serviceprincipals/service_principal_password_resource.go
@@ -53,7 +53,7 @@ func servicePrincipalPasswordResource() *schema.Resource {
 				ValidateDiagFunc: validate.UUID,
 			},
 
-			"keepers": {
+			"rotate_when_changed": {
 				Description: "Arbitrary map of values that, when changed, will trigger rotation of the password",
 				Type:        schema.TypeMap,
 				Optional:    true,