You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Terraform will perform the following actions: # module.vault.vault_kubernetes_auth_backend_config.cluster will be updated in-place ~ resource "vault_kubernetes_auth_backend_config" "cluster" { backend = "kubernetes" disable_iss_validation = false disable_local_ca_jwt = false id = "auth/kubernetes/config" - kubernetes_ca_cert = <<~EOT -----BEGIN CERTIFICATE----- MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p a3ViZUNBMB4XDTIwMTAyNTIyMjc1MVoXDTMwMTAyNDIyMjc1MVowFTETMBEGA1UE AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMO DKBT6BfinQg2LZFlZ1MYUTCmYSHgxP66dVhyhGLc3v0wpoRYym3sgnEfFC01IphE JbCxhGfV9/5/uzmMAyJbhgJ16xTccpuQetMltihiKt2vjFrXLaUmOpqnNzCXD4ly GFT7IRK6HaOqnjUscFFv5HeAn+lqufhm5cE1b0C97UMqtHAMYTSA8yWMAvzHdct1 wyJOelCi23hKbzeo93JPdJlXaXxv5dcliBTE/wSQGYSU8LIdEi9zes9VsyVEn9Nh qL0KQQYwi6SRDsGK/mWbv3tih3l09PUzlz0V9TCwkt8iZt4iSDGcKWfrZ6vyV7wl 9ZDNYqOQlSlK9GogjWMCAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBRsf/ByY9va3vwCz3bRf4OFlY62RDANBgkqhkiG9w0BAQsFAAOCAQEAUw+PoKz/ bGj4q4Ml+TcYLgOQQWRXT7F7ZYBmOxv/IZ7iE83sGAoy+Y2dacr/IZYAFmbH+DgU sIKENpAiRHlkBk8j1PEQUX0QL24e9oUDbdnnQKu0KwiwTUtMp9wk3KcP++DRH2Ql aJH+gfqbNzjkiL1NOMvnxUtP6j1gcIhaHfHG6iKPqzancnjWsioDS7VQMaGtMEu/ KRUqIQEv+/DaC/bNYxhX01NK7FYBxaKk5PDW99yB8Una8cpgh0TdPkH0JK3MHI2B 0MY8eboU54xeA99k1mWX0b9dyCx8Xn5p/r3gtg91jFXrBS87QJnNyvhadn7fQt1w rsqF5gNYth9k/Q== -----END CERTIFICATE----- EOT -> null kubernetes_host = "https://kubernetes.default" pem_keys = [] }Plan: 0 to add, 1 to change, 0 to destroy.
Expected Behavior
After creating the Kubernetes authentication backend as described in the terraform config above, if I do a subsequent terraform apply with no additional changes, it tries to remove the kubernetes_ca_cert that Vault automatically added. It should not do so and instead adopt it
Actual Behavior
It tries to remove the kubernetes_ca_cert when it should not
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
terraform apply
Important Factoids
Current work around is to add a lifecycle.ignore_changes on the kubernetes_ca_cert field
If it can't be done within the provider, then a documentation update about this would suffice
The text was updated successfully, but these errors were encountered:
This is still a issue on the latest provider version, 2.7.1 3.2.1. Maybe we can update the milestone or remove it since it seems not maintained? @jasonodonnell
I found a good workaround if you're on AWS at least. You can just set the ca_cert directly like so:
Hi @Skaronator, it looks like the issue is in the latest provider version 3.2.1. We can take a look at this issue as part of the upcoming 3.3.0 release.
Terraform Version
Affected Resource(s)
vault_kubernetes_auth_backend_config
If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
Terraform Configuration Files
Debug Output
Expected Behavior
After creating the Kubernetes authentication backend as described in the terraform config above, if I do a subsequent
terraform apply
with no additional changes, it tries to remove thekubernetes_ca_cert
that Vault automatically added. It should not do so and instead adopt itActual Behavior
It tries to remove the kubernetes_ca_cert when it should not
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
terraform apply
Important Factoids
Current work around is to add a
lifecycle.ignore_changes
on thekubernetes_ca_cert
fieldIf it can't be done within the provider, then a documentation update about this would suffice
The text was updated successfully, but these errors were encountered: