credential-stores disappear

Open incubator4 opened this issue 2 years ago • 1 comments

Describe the bug: We manage boundary resources with terraform, and this is a credential store:

resource "boundary_credential_store_vault" "dev-vault" {
  name        = "dev-vault"
  description = "Dev vault"
  address     = "<vault-addr>"
  scope_id    = "<project-id>"
  token       = "<available-token>"
}

In fact, boundary only receives a renewable vault token, so I create the vault token with:

$ vault token create -no-default-policy=true \
-policy="boundary-controller" \
-orphan=true \
-period=30m

After a period of time, at least more than the period time, which should be 30 min, I use the boundary cli to check the credential store, but it has disappeared.

$ boundary credential-stores  list -scope-id <project-id>
No credential store found

But there is still a record in the boundary postgres database, in the table credential_store.

To Reproduce: Steps to reproduce the behavior:

  1. Create a renewable vault token
  2. Use terraform apply to create credential_store
  3. Wait for the token to renew
  4. credential_store disappears

Expected behavior: Nothing.

Additional context: I don't know if this is a bug or not. More importantly, I want to know how the terraform provider and a renewable vault token can work together.

incubator4 • Jun 14 '22 11:06
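One way to check whether a token created with the `vault token create` flags above still has the properties those flags request, and how long it has gone without renewal, is to inspect `vault token lookup -format=json`. This is an added example, not code from the issue or from the Boundary project; the sample JSON is constructed and the `min_ttl_fraction` threshold is an assumption.

```python
import json

# Constructed sample of `vault token lookup -format=json` output for a token
# created with the flags from the issue; all values are invented.
SAMPLE_LOOKUP = """
{"data": {"orphan": true, "period": 1800, "policies": ["boundary-controller"],
          "renewable": true, "ttl": 412, "type": "service"}}
"""


def check_token(lookup_json, expected_policy="boundary-controller",
                min_ttl_fraction=0.5):
    """Return findings for a token lookup; an empty list means all checks pass.

    min_ttl_fraction is an assumed alert threshold, not a Boundary or Vault value.
    """
    data = json.loads(lookup_json).get("data") or {}
    findings = []
    if not data.get("renewable"):
        findings.append("token is not renewable")
    if not data.get("orphan"):
        findings.append("token is not an orphan")
    if expected_policy not in (data.get("policies") or []):
        findings.append(f"policy {expected_policy} is not attached")
    period = data.get("period") or 0
    ttl = data.get("ttl") or 0
    if period <= 0:
        findings.append("token is not periodic")
    elif ttl < period * min_ttl_fraction:
        # Renewing a periodic token resets its TTL to the period, so
        # period - ttl is the time since creation or the last renewal.
        findings.append(f"not renewed for {period - ttl}s, {ttl}s left of {period}s")
    return findings


if __name__ == "__main__":
    for finding in check_token(SAMPLE_LOOKUP) or ["all checks passed"]:
        print(finding)
```

Running the lookup with the token from the Terraform resource, before its period has elapsed, shows whether anything is renewing it.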

Hi @incubator4, I will spend some time digging into this a bit later and get back to you. Because of how Boundary and Vault interact, there are a number of complexities around how we handle CRUD on credential stores. For example, we introduced a soft delete.

You mentioned that there is a valid credential-store entry in the database. If you still have that instance up and running, can you provide the contents of the following two selects:

select * from credential_vault_store;
select * from credential_vault_store_public;

louisruch • Jul 29 '22 17:07