terraform-provider-digitalocean

Deleting doks PAT is not detected by provider

Open dmikalova opened this issue 4 years ago • 2 comments

Bug Report


Describe the bug

I cleaned out my PATs including the ones generated by doks. When rerunning terraform plan and apply, this is not noticed by the provider, so the kube_config output does not update.

Affected Resource(s)

  • digitalocean_kubernetes_cluster

Expected Behavior

After deleting the PAT that is output in kube_config, and then rerunning plan, the provider should notice that the PAT is gone and plan to generate a new one.

Actual Behavior

The PAT is not regenerated, and the old kube_config persists. Other modules using terraform_remote_state will get unauthorized errors.

dmikalova, Oct 23 '21 22:10

Confirmed! I got my PAT deleted yesterday and replaced it in the provider config, but the doks token was not renewed in state, so all my attempts to use the kubernetes provider lead to Unauthorized errors. Same for the helm provider - Kubernetes cluster unreachable: the server has asked for the client to provide credentials.

Steps to reproduce:

  1. work with DO via Terraform (in order to fill/refresh terraform state) - create digitalocean_kubernetes_cluster and some resources using kubernetes provider
  2. delete used PAT token
  3. add new token
  4. try to apply or refresh again

baznikin, Mar 27 '24 10:03

Workaround - remove cluster from state and import it back:

$ terraform state rm module.k8s.digitalocean_kubernetes_cluster.cluster
Removed module.k8s.digitalocean_kubernetes_cluster.cluster
Successfully removed 1 resource instance(s).
$ terraform import module.k8s.digitalocean_kubernetes_cluster.cluster 3299306e-aea3-4b55-ab66-redacted      

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

baznikin, Mar 27 '24 11:03
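
One way to catch the stale credential before downstream modules fail with Unauthorized, as an added example that is not part of the issue thread or the provider's code: it reads `terraform show -json` output, probes each managed cluster's API server with the token stored in state, and prints the state rm / import workaround for clusters that answer 401. The function names, the constructed SAMPLE_STATE values and the use of `/version` as the probe path are assumptions.

```python
import base64, json, shlex, ssl, sys
import urllib.error, urllib.request

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def probe(host, token, ca_b64):
    """Return the HTTP status the API server gives the bearer token held in state."""
    ctx = ssl.create_default_context(cadata=base64.b64decode(ca_b64).decode())
    req = urllib.request.Request(host.rstrip("/") + "/version",
                                 headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401 means the stored token is no longer accepted

def stale_clusters(state, probe_fn=probe):
    """Return (address, cluster id) for managed clusters whose stored token gets 401."""
    stale = []
    root = state.get("values", {}).get("root_module", {})
    for res in iter_resources(root):
        if (res.get("type"), res.get("mode")) != ("digitalocean_kubernetes_cluster", "managed"):
            continue
        for cfg in res["values"].get("kube_config") or []:
            if probe_fn(cfg["host"], cfg["token"], cfg["cluster_ca_certificate"]) == 401:
                stale.append((res["address"], res["values"]["id"]))
                break
    return stale

def workaround_commands(stale):
    """Build the state rm / import pair from the thread; the token is never printed."""
    cmds = []
    for addr, cid in stale:
        addr, cid = shlex.quote(addr), shlex.quote(cid)
        cmds += [f"terraform state rm {addr}", f"terraform import {addr} {cid}"]
    return cmds

def _cluster(addr, cid, token):  # helper for the constructed sample below
    cfg = {"host": "https://k8s.example.invalid", "token": token, "cluster_ca_certificate": ""}
    return {"address": addr, "mode": "managed", "type": "digitalocean_kubernetes_cluster",
            "values": {"id": cid, "kube_config": [cfg]}}

# Constructed sample in the shape of `terraform show -json` (all values are placeholders).
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [_cluster("digitalocean_kubernetes_cluster.ok", "11111111-constructed", "live-token")],
    "child_modules": [{"resources": [_cluster("module.k8s.digitalocean_kubernetes_cluster.cluster",
                                              "00000000-constructed", "stale-token")]}]}}}

if __name__ == "__main__":  # usage: terraform show -json | python3 check_doks_token.py
    print("\n".join(workaround_commands(stale_clusters(json.load(sys.stdin)))))
```

The JSON from `terraform show -json` contains the cluster tokens in clear text, so pipe it straight into the script rather than writing it to disk.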