Hi there. I was using the vault provider to provision some resources but I encountered some problems.
Above is a minimal example to reproduce my problem.
In this example, a vault_mount is created in path test/foo and then a vault_kv_secret_v2 is created under that path.
Then I execute terraform apply and it works fine.
> VAULT_TOKEN=root VAULT_ADDR=http://localhost:8200 vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_3b11cde3    per-token private secret storage
identity/     identity     identity_0a464287     identity store
secret/       kv           kv_8d71d15f           key/value secret storage
sys/          system       system_cdba0899       system endpoints used for control, policy and debugging
test/foo/     kv           kv_7840a449           This is the kv secret engine used by account service.
> VAULT_TOKEN=root VAULT_ADDR=http://localhost:8200 vault kv get test/foo/bar
== Secret Path ==
test/foo/data/bar

======= Metadata =======
Key                Value
---                -----
created_time       2023-03-08T12:54:16.611946Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2

==== Data ====
Key      Value
---      -----
hello    world

However, when I execute terraform plan/apply again, some unexpected changes appear.
Expected Behavior
Expected behavior is that there should be no change.
Actual Behavior
Actual behavior is shown below:
> terraform plan
vault_mount.test: Refreshing state... [id=test/foo]
vault_kv_secret_v2.test: Refreshing state... [id=test/foo/data/bar]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated
with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
  # vault_kv_secret_v2.test must be replaced
-/+ resource "vault_kv_secret_v2" "test" {
      ~ data     = (sensitive value)
      ~ id       = "test/foo/data/bar" -> (known after apply)
      ~ metadata = {
          - "created_time"    = "2023-03-08T12:54:16.611946Z"
          - "custom_metadata" = "null"
          - "deletion_time"   = ""
          - "destroyed"       = "false"
          - "version"         = "2"
        } -> (known after apply)
      ~ mount    = "test" -> "test/foo" # forces replacement
      ~ name     = "data/bar" -> "bar" # forces replacement
      ~ path     = "test/foo/data/bar" -> (known after apply)
        # (3 unchanged attributes hidden)

      ~ custom_metadata {
          + cas_required         = (known after apply)
          + data                 = (known after apply)
          + delete_version_after = (known after apply)
          + max_versions         = (known after apply)
        }
    }
Plan: 1 to add, 0 to change, 1 to destroy.
This only happens when the mount path contains a subpath.
I am not sure whether a subpath is allowed in the mount path.
Steps to Reproduce
1. Launch a local vault dev server:
   vault server -dev -dev-root-token-id="root"
2. Apply the above terraform configuration file.
3. Plan/apply the configuration file again.
Version
1.3.9
v3.13.0
Affected Resource(s)
Terraform Configuration Files
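An added example, not part of the original issue and not the provider's own code: the plan diff in the report reads the stored id `test/foo/data/bar` back as mount `test` and name `data/bar`, which is what a positional split produces when the second segment is assumed to be `data`. The sketch below reproduces that result and contrasts it with a split resolved against the mount list from `vault secrets list`; both function names are hypothetical and the positional logic is an inference from the diff.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// positionalSplit models the inferred behaviour: segment 0 is taken as the
// mount, segment 1 is assumed to be "data", the rest is the name.
// Hypothetical helper, not the provider's code.
func positionalSplit(id string) (mount, name string, ok bool) {
	parts := strings.Split(id, "/")
	if len(parts) < 3 {
		return "", "", false
	}
	return parts[0], strings.Join(parts[2:], "/"), true
}

// mountAwareSplit resolves the id against the known mounts, longest first,
// and requires the KV v2 "data/" segment directly after the mount.
func mountAwareSplit(id string, mounts []string) (mount, name string, ok bool) {
	sorted := append([]string(nil), mounts...)
	sort.Slice(sorted, func(i, j int) bool { return len(sorted[i]) > len(sorted[j]) })
	for _, m := range sorted {
		prefix := strings.Trim(m, "/") + "/data/"
		if strings.HasPrefix(id, prefix) && len(id) > len(prefix) {
			return strings.Trim(m, "/"), id[len(prefix):], true
		}
	}
	return "", "", false
}

func main() {
	// Mount paths as listed by `vault secrets list` in the report.
	mounts := []string{"cubbyhole/", "identity/", "secret/", "sys/", "test/foo/"}
	id := "test/foo/data/bar"
	m, n, _ := positionalSplit(id)
	fmt.Printf("positional:  mount=%q name=%q\n", m, n)
	m, n, ok := mountAwareSplit(id, mounts)
	fmt.Printf("mount-aware: mount=%q name=%q ok=%v\n", m, n, ok)
}
```

For a single-segment mount such as `secret/` both splits agree, which matches the reporter's observation that the drift only appears when the mount path contains a subpath.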