Handle "all policies deleted" corner case #395

Merged
merged 1 commit into from
Apr 30, 2019

marcinwyszynski
Contributor

When the user intends to delete all policies, they don't delete any.
This also leads to an inconsistent state which will show changes on every plan.

@ghost ghost added the size/XS label Apr 12, 2019
@ghost ghost added size/S and removed size/XS labels Apr 12, 2019
@tyrannosaurus-becks tyrannosaurus-becks self-assigned this Apr 29, 2019
@tyrannosaurus-becks
Contributor

Hi @marcinwyszynski ! Thanks for working on this.

Question. Correct me if I'm mistaken, but aren't policies required for a role to be valid? Why would a person want to delete policies without deleting the entire role?

Just trying to understand the use case. Thanks!

@marcinwyszynski
Contributor Author

Hey @tyrannosaurus-becks, I believe that if you don't set policies explicitly, the role will be assigned a default policy, well... by default :) That's what's causing the problem, really - you're trying to set an empty list from Terraform, but Vault sets the default policy, which gets reported back when you do the read, and makes Terraform want to change the resource again. Hope I'm making some sense :)

@marcinwyszynski
Contributor Author

marcinwyszynski commented Apr 30, 2019

Referring to your question explicitly:

> Why would a person want to delete policies without deleting the entire role?

To make the role only use the implicit "default" policy.

@tyrannosaurus-becks
Contributor

Thanks @marcinwyszynski ! That makes sense!
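
A toy model of the drift described in this thread, added here as an illustration; it is not the provider's code or the merged change. The `backend` type, the `fixed` flag and the policy names `dev` and `ops` are hypothetical, and the normalisation in `refresh` is one assumed way to reconcile a configured empty list with the reported `default`.

```go
package main

import (
	"fmt"
	"reflect"
)

// backend is a constructed stand-in for the server: per the thread, a role
// stored without policies is reported back with the implicit "default".
type backend struct{ policies []string }

func (b *backend) read() []string {
	if len(b.policies) == 0 {
		return []string{"default"}
	}
	return b.policies
}

// apply writes the configured list. The naive form skips the write when the
// list is empty, so "delete all policies" never reaches the backend.
func apply(b *backend, want []string, fixed bool) {
	if fixed || len(want) > 0 {
		b.policies = append([]string{}, want...)
	}
}

// refresh returns what lands in state. The fixed form maps a lone implicit
// "default" back to the empty list the configuration asked for.
func refresh(b *backend, want []string, fixed bool) []string {
	got := b.read()
	if fixed && len(want) == 0 && reflect.DeepEqual(got, []string{"default"}) {
		return []string{}
	}
	return got
}

// applyThenPlan removes every policy from a role that had two, then reports
// what the backend holds and whether the next plan still shows a change.
func applyThenPlan(fixed bool) ([]string, bool) {
	b := &backend{policies: []string{"dev", "ops"}} // constructed start state
	want := []string{}
	apply(b, want, fixed)
	return b.read(), !reflect.DeepEqual(want, refresh(b, want, fixed))
}

func main() {
	fmt.Println(applyThenPlan(false)) // [dev ops] true
	fmt.Println(applyThenPlan(true))  // [default] false
}
```

In the naive run the role keeps `dev` and `ops` even though the configuration lists no policies, which is the case that matters for access review: a plan that keeps showing a change is the only visible sign that the old policies are still attached.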

@tyrannosaurus-becks tyrannosaurus-becks merged commit c36bab9 into hashicorp:master Apr 30, 2019
@marcinwyszynski marcinwyszynski deleted the delete-policies branch April 30, 2019 17:48
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
Handle "all policies deleted" corner case