terraform-provider-vault

tf wants to update vault_consul_secret_backend_role despite no changes

Open inflatador opened this issue 3 years ago • 1 comments

Terraform Version

Terraform v1.2.4 on darwin_amd64

  • provider registry.terraform.io/hashicorp/consul v2.15.1
  • provider registry.terraform.io/hashicorp/vault v3.7.0

Affected Resource(s)

  • vault_consul_secret_backend_role

Terraform Configuration Files

resource "consul_acl_policy" "consul_agent_acls" {
  name  = "consul_agent_acls"
  description = "Provides access for consul agents"
  rules = <<-RULE
    node_prefix "consul-" {
      policy = "write"
    }
    node_prefix "" {
      policy = "read"
    }
    service_prefix "" {
      policy = "read"
    }
    RULE
}

resource "vault_consul_secret_backend_role" "consul_agent_role" {
  name = "consul_agent_role"
  backend = vault_consul_secret_backend.consul_path.path
  policies = [ "${consul_acl_policy.consul_agent_acls.name}" ]
}

Debug Output

github gist

Expected Behavior

Terraform should not have detected changes.

Actual Behavior

Terraform detected and applied changes to a resource that did not change in the Terraform file itself.

Steps to Reproduce

  1. terraform apply

Important Factoids

I'm new to vault and consul, and thus could be missing something important.

inflatador, Jul 10 '22 19:07

I think this relates to the deprecation of policies in favour of consul_policies in vault 1.11+ (https://github.com/hashicorp/vault/pull/15400), which is addressed by PR #1518 and should be in a 3.8.0 release of this provider. I'm waiting for this one myself.

optiz0r, Jul 25 '22 15:07

Hi @inflatador - I wanted to check back in on this and see if you tried again with the latest updates to the provider? As optiz0r said, the issue you encountered was likely due to the change with the parameters policies & consul_policies but I want to be sure!

robmonte, Aug 18 '22 01:08

@robmonte thanks for the ping, I can confirm that this is no longer a problem after upgrading to vault provider 3.8.2. I appreciate your help on this!

inflatador, Aug 19 '22 18:08