terraform-provider-consul
Consul Provider Unable to Read Role that exists
Terraform Version
Terraform v1.1.0
Consul Provider Version 2.19.0
Consul Server Version 1.16.3
Affected Resource(s)
Please list the resources as a list, for example:
- consul_acl_role
Every role I have that's created in a loop.
Terraform Configuration Files
resource "consul_acl_role" "management" {
  for_each    = var.team
  name        = each.key
  description = "Management role for ${each.key}"
  policies    = []

  lifecycle {
    ignore_changes = ["policies"]
  }
}
Debug Output
Please note, all operations are performed against the same CONSUL_HTTP_ADDR with the same CONSUL_HTTP_TOKEN, so it is not a permissions issue, in which this error (403 ACL not found) seems to appear at times.
± # terraform state show consul_acl_role.management["REDACTED"]
# consul_acl_role.management["REDACTED"]:
resource "consul_acl_role" "management" {
description = "Management role"
id = "aabba91d-8ca1-380f-de55-a5948e45f1ea"
name = "REDACTED"
policies = []
}
2023-12-15T19:54:58.969Z [DEBUG] provider.terraform-provider-consul_v2.19.0_x4: 2023/12/15 19:54:58 [INFO] Consul Client configured with address: 'REDACTED:8501', scheme: 'https', datacenter: '', insecure_https: 'true'
2023-12-15T19:54:59.172Z [ERROR] vertex "consul_acl_role.management["REDACTED"]" error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)
2023-12-15T19:54:59.173Z [ERROR] vertex "consul_acl_role.management" error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)
2023-12-15T19:54:59.173Z [ERROR] vertex "consul_acl_role.management (expand)" error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)
│ Error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)
│
│ with consul_acl_role.management["REDACTED"],
│ on main.tf line 26, in resource "consul_acl_role" "management":
│ 26: resource "consul_acl_role" "management" {
│
╵
But if I read that ID:
~ consul acl role read -id=aabba91d-8ca1-380f-de55-a5948e45f1ea
ID: aabba91d-8ca1-380f-de55-a5948e45f1ea
Name: REDACTED
Description: Management role for REDACTED
Policies:
8e2dd209-fc12-be0b-bf51-c4931db18bf0 - Management-Policy
2a2a1d63-06d2-06f7-3862-ec2354e0d4e7 - Management-Policy
Expected Behavior
The role should have been read properly by the provider.
Actual Behavior
I have a role that exists in all of my Consul datacenters, that was created by Terraform.
For some reason I'm getting a 403 ACL Not Found back from Consul, which is usually a permissions issue, when it refreshes state and attempts to do a read on the role.
However, in the same shell, with the same environment variables, I can perform a consul acl role read -id=<ID From TF State> and it returns just fine with the role in question, so I'm not sure what's getting lost in translation here.
Steps to Reproduce
- create a consul_acl_role resource
- attempt to modify or run another plan on that resource
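
A triage helper for debug output like the log quoted in this report, added here as an example and not part of the original issue or the provider's code: it collapses the repeated per-vertex errors into one failure per object and extracts the client settings the provider logged (address, scheme, datacenter, insecure_https) so they can be compared with the environment the CLI runs in. The sample log is constructed with a placeholder address, map key and role ID, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the debug output in the report; the address,
# map key and role ID are placeholders.
SAMPLE_LOG = """\
2023-12-15T19:54:58.969Z [DEBUG] provider.terraform-provider-consul_v2.19.0_x4: 2023/12/15 19:54:58 [INFO] Consul Client configured with address: 'consul.example.internal:8501', scheme: 'https', datacenter: '', insecure_https: 'true'
2023-12-15T19:54:59.172Z [ERROR] vertex "consul_acl_role.management["team-a"]" error: failed to read role '00000000-0000-0000-0000-000000000001': Unexpected response code: 403 (rpc error making call: ACL not found)
2023-12-15T19:54:59.173Z [ERROR] vertex "consul_acl_role.management" error: failed to read role '00000000-0000-0000-0000-000000000001': Unexpected response code: 403 (rpc error making call: ACL not found)
2023-12-15T19:54:59.173Z [ERROR] vertex "consul_acl_role.management (expand)" error: failed to read role '00000000-0000-0000-0000-000000000001': Unexpected response code: 403 (rpc error making call: ACL not found)
"""

CONFIG_RE = re.compile(r"Consul Client configured with (.*)$")
PAIR_RE = re.compile(r"(\w+): '([^']*)'")
ERROR_RE = re.compile(
    r"failed to read (\w+) '([^']+)': Unexpected response code: (\d{3}) \((.*)\)\s*$"
)

def summarize(log_text):
    """Return (client_config, failures) parsed from Terraform debug output."""
    config, failures = {}, {}
    for line in log_text.splitlines():
        m = CONFIG_RE.search(line)
        if m:
            config = dict(PAIR_RE.findall(m.group(1)))
            continue
        m = ERROR_RE.search(line)
        if m:
            kind, obj_id, status, detail = m.groups()
            # The same failed read is logged once per graph vertex; key on the
            # object so it is counted as one failure.
            entry = failures.setdefault(
                (kind, obj_id), {"status": int(status), "detail": detail, "lines": 0}
            )
            entry["lines"] += 1
    return config, failures

def settings_to_check(config):
    """Flag logged client settings worth comparing with the CLI environment."""
    notes = []
    if config.get("insecure_https") == "true":
        notes.append("insecure_https=true: server certificate is not verified")
    if config.get("datacenter", "") == "":
        notes.append("datacenter empty: the contacted agent's own datacenter is used")
    return notes

if __name__ == "__main__":
    cfg, failed = summarize(SAMPLE_LOG)
    print(cfg, failed, settings_to_check(cfg), sep="\n")
```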