Correctly handle 404 response in approle secret id request

[rnurgaliyev]

After hashicorp/vault#12788 was merged and released in 1.9.0, the role/:name/secret-id-accessor/lookup vault server endpoint now returns a 404 status code when the secret_id_accessor cannot be found. This breaks the vault_approle_auth_backend_role_secret_id resource, which will always return an error if 404 is returned.

This PR fixes this issue.

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Closes #1241

Release note for CHANGELOG:

Fix crashing approle_auth_backend_role_secret_id resource when vault server returns 404.

Output from acceptance testing:

$ make dev testacc TESTARGS='-v -test.run TestAccAppRoleAuthBackendRole'
==> Checking that code complies with gofmt requirements...
go build -o terraform-provider-vault
mv terraform-provider-vault ~/.terraform.d/plugins/
TF_ACC=1 go test $(go list ./...) -v -v -test.run TestAccAppRoleAuthBackendRole -timeout 20m

[...]

=== RUN   TestAccAppRoleAuthBackendRoleID_basic
--- PASS: TestAccAppRoleAuthBackendRoleID_basic (3.39s)
=== RUN   TestAccAppRoleAuthBackendRoleID_customID
--- PASS: TestAccAppRoleAuthBackendRoleID_customID (3.15s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_basic
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_basic (1.87s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped (1.90s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace (3.20s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_full
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_full (1.92s)
=== RUN   TestAccAppRoleAuthBackendRole_import
--- PASS: TestAccAppRoleAuthBackendRole_import (2.34s)
=== RUN   TestAccAppRoleAuthBackendRole_basic
--- PASS: TestAccAppRoleAuthBackendRole_basic (1.82s)
=== RUN   TestAccAppRoleAuthBackendRole_update
--- PASS: TestAccAppRoleAuthBackendRole_update (3.12s)
=== RUN   TestAccAppRoleAuthBackendRole_full
--- PASS: TestAccAppRoleAuthBackendRole_full (1.79s)
=== RUN   TestAccAppRoleAuthBackendRole_fullUpdate
--- PASS: TestAccAppRoleAuthBackendRole_fullUpdate (4.42s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault     29.282s

[hashicorp-cla]

All committers have signed the CLA.

[stefreak]

@benashz this is a huge blocker for us, cant you make a small bugfix release with this patch instead of planning it for a future major release?

Our Terraform CI pipeline does not run anymore without errors if we do not perform a manual intervention removing the approle secret id from the terraform state 😭

It would be super highly appreciated. Thanks for all the hard work even if you can't make a bugfix release 👍

[benashz]

LGTM!

Thank you for your contribution to HashiCorp!

[benashz]

@benashz this is a huge blocker for us, cant you make a small bugfix release with this patch instead of planning it for a future major release?

Understood.

Our Terraform CI pipeline does not run anymore without errors if we do not perform a manual intervention removing the approle secret id from the terraform state 😭

It would be super highly appreciated. Thanks for all the hard work even if you can't make a bugfix release 👍

Thanks for that. Unfortunately we already have quite a few changes teed up for 3.1.0, so I don't think a patch release is in the cards at this point. I'll see if we can reduce a bit of 3.1.0's scope so we can get it out sooner!

[stefreak]

Thank you a lot