Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version 1.1.3 aws_auth_backend_role breaking changes #177

Closed
dhild opened this issue Sep 19, 2018 · 4 comments
Closed

Version 1.1.3 aws_auth_backend_role breaking changes #177

dhild opened this issue Sep 19, 2018 · 4 comments

Comments

@dhild
Copy link

dhild commented Sep 19, 2018

Terraform Version

$ terraform version
Terraform v0.11.8
+ provider.vault v1.1.3

Affected Resource(s)

  • aws_auth_backend_role
    (There may be others)

Terraform Configuration Files

provider "vault" {
  version = "~> 1.0"
  address = "https://localhost:8200"
}

resource "vault_aws_auth_backend_role" "my_role" {
  role                           = "my-role"
  auth_type                      = "ec2"
  bound_account_id               = "123456789012"
  bound_region                   = "us-west-2"
  bound_vpc_id                   = "vpc-xxxxxxxx"
  bound_iam_instance_profile_arn = "arn:aws:iam::123456789012:instance-profile/my-instance-profile"
  ttl                            = 60
  max_ttl                        = 120
  policies                       = ["default", "my-policy"]
}

Debug Output

The issue appears to be related to versioning, I'm not sure debug output is necessary here.

Panic Output

There was no panic.

Expected Behavior

Terraform plan & apply should still work
This issue appears where we have existing resources written to use the String type, where the new version of the plugin expects these to be a List type. We would expect that the old configurations still work when using the ~> 1.0 version specification for the vault provider.

Actual Behavior

$ terraform plan

Error: vault_aws_auth_backend_role.my_role: bound_account_id: should be a list



Error: vault_aws_auth_backend_role.my_role: bound_iam_instance_profile_arn: should be a list



Error: vault_aws_auth_backend_role.my_role: bound_region: should be a list



Error: vault_aws_auth_backend_role.my_role: bound_vpc_id: should be a list

Steps to Reproduce

With the terraform listed above:

  1. terraform init
  2. terraform plan

Important Factoids

Nothing comes to mind.

References

It looks like the issue appeared from this commit: 768c03b#diff-a97ccbd83928090a41b6c44716cd9f18L45
@idubinskiy
Copy link

See the conversation here: #153 (comment)

@tyrannosaurus-becks
Copy link
Contributor

The breaking change PR was reverted and a patch version released! This should be fixed on the latest patch version.

I've re-added the original PR and I'm currently working on some compatibility code. Will cut a minor release when that's in.

@dhild
Copy link
Author

dhild commented Sep 21, 2018

From our perspective, this was fixed by #185 🎉
Thansk @tyrannosaurus-becks!

@dhild dhild closed this as completed Sep 21, 2018
@tyrannosaurus-becks tyrannosaurus-becks mentioned this issue Sep 21, 2018
Merged
@tyrannosaurus-becks
Copy link
Contributor

@idubinskiy @dhild could you two take a look at #189 and comment upon whether that's what you had in mind?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tyrannosaurus-becks @dhild @idubinskiy