terraform-provider-vault

Removing azure_groups from vault_azure_secret_backend_role does not update the role in Vault

Open alexmunda opened this issue 3 years ago • 2 comments

Terraform Version

v0.13.7

Affected Resource(s)

Please list the resources as a list, for example:

  • vault_azure_secret_backend_role

Terraform Configuration Files

resource "vault_azure_secret_backend" "azure" {
  path = "/azure/path"

  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id

  client_id     = var.client_id
  client_secret = var.client_secret
}

resource "vault_azure_secret_backend_role" "az_role" {
  backend = vault_azure_secret_backend.azure.path
  role    = "my-azure-role"

  azure_roles {
    role_name = "Contributor"
    scope     = "/providers/Microsoft.Management/managementGroups/foo"
  }

- azure_groups {
     - group_name = "foo-group" -> null
     - object_id  = "11111111-1111-1111-1111-111111111111" -> null
  }
}

Expected Behavior

The azure_groups property should have been removed from the role in Vault.

Actual Behavior

The plan showed the azure_groups would be removed, but after apply, the azure_groups property was still present on the Vault role with the original value.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply (with the azure_groups on the role)
  2. Remove the azure_groups
  3. terraform apply
  4. View the role in Vault, it will still contain the azure_groups

alexmunda, Sep 28 '22 14:09
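A drift check for the behavior reported above, as an added example that is not part of the original issue or the provider's code: it compares the `azure_groups` recorded in Terraform state with the groups still on the Vault role and reports any group that Vault retains after removal. The two embedded JSON documents are constructed samples, and their field layout (`terraform show -json` and `vault read -format=json azure/path/roles/my-azure-role`) is an assumption; `stale_groups` and the other function names are hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json` output after the second
# apply, i.e. with azure_groups already removed from the configuration.
TF_STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"address": "vault_azure_secret_backend_role.az_role",
   "type": "vault_azure_secret_backend_role",
   "values": {"backend": "/azure/path", "role": "my-azure-role",
              "azure_groups": [],
              "azure_roles": [{"role_name": "Contributor",
                "scope": "/providers/Microsoft.Management/managementGroups/foo"}]}}
]}}}
""")

# Constructed sample: what reading the role back from Vault returns when the
# group was not removed (assumed response layout).
VAULT_ROLE = json.loads("""
{"data": {"azure_groups": [{"group_name": "foo-group",
   "object_id": "11111111-1111-1111-1111-111111111111"}],
  "azure_roles": [{"role_name": "Contributor",
   "scope": "/providers/Microsoft.Management/managementGroups/foo"}]}}
""")

def iter_resources(module):
    """Yield resources from a state module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def group_ids(groups):
    """Normalize a group list to a set of object IDs; null and [] both mean none."""
    return {g["object_id"].lower() for g in (groups or [])}

def stale_groups(tf_state, address, vault_role):
    """Return object IDs present on the Vault role but absent from Terraform state."""
    for res in iter_resources(tf_state["values"]["root_module"]):
        if res["address"] == address:
            declared = group_ids(res["values"].get("azure_groups"))
            live = group_ids(vault_role["data"].get("azure_groups"))
            return sorted(live - declared)
    raise KeyError(f"{address} not found in state")

if __name__ == "__main__":
    extra = stale_groups(TF_STATE, "vault_azure_secret_backend_role.az_role", VAULT_ROLE)
    for oid in extra:
        print(f"group {oid} is still on the Vault role but not in Terraform state")
    raise SystemExit(1 if extra else 0)
```

A non-zero exit means credentials issued from the role can still receive group membership that the configuration no longer declares.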