terraform-provider-vault
[Bug]:
Terraform Core Version
1.3.3.
Terraform Vault Provider Version
3.21.0
Vault Server Version
1.13.5+ent.shm
Affected Resource(s)
vault_pki_secret_backend_issuer
An update for this resource erases parameters like name or issuing_certificates.
First CI/CD pipeline:
module.vault-pki-issuers-hard["pki-test-1"].module.intermediate["pki-test-intermediate"].vault_pki_secret_backend_issuer.intermediate["v.0.0.3"] will be updated in-place
~ resource "vault_pki_secret_backend_issuer" "intermediate" {
      id = "pki-int-1/issuer/2242fd5c-9214-068c-910f-f57632235de6"
    ~ issuing_certificates = [
        + "http://pki-st.pse.pl/v1/pki-int-1/issuer/v.0.0.3/pem",
      ]
      # (10 unchanged attributes hidden)
Second pipeline (without changing resource parameters):
module.vault-pki-issuers-hard["pki-test-1"].module.intermediate["pki-test-intermediate"].vault_pki_secret_backend_issuer.intermediate["v.0.0.3"] will be updated in-place
~ resource "vault_pki_secret_backend_issuer" "intermediate" {
      id = "pki-int-1/issuer/2242fd5c-9214-068c-910f-f57632235de6"
    + issuer_name = "v.0.0.3"
      # (10 unchanged attributes hidden)
  }
Expected Behavior
Don't erase resource parameters
Actual Behavior
Erases updated resource parameters
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
data
pki:
  pki-test-1:
    path: "pki-1"
    description: "Testowe PKI CA Main"
    default_lease_ttl_seconds: "31536000"
    max_lease_ttl_seconds: "157680000"
    issuing_certificates:
      - "http://127.0.0.1:8200/v1/pki/ca"
    crl_distribution_points:
      - "http://127.0.0.1:8200/v1/pki/crl"
    crl_build_disable: false
    crl_expiry: "72h"
    root_cert_issuers:
      - issuer_name: "v.0.0.2"
        managed: true
        default: false
        type: "internal"
        common_name: "Testowe PKI CA Main"
        ttl: "365d"
        format: "pem"
        private_key_format: "der"
        key_type: "rsa"
        key_bits: 4096
        exclude_cn_from_sans: true
        organization: "PSE S.A."
        country: "PL"
        province: "Mazowieckie"
        locality: "Konstancin-Jeziorna"
        street_address: "Warszawska 165"
        postal_code: "05-500"
        ou: "DT"
        ip_sans: []
    intermediate:
      - name: pki-test-intermediate
        path: "pki-int-1"
        managed: true
        description: "Testowe PKI CA intermediate"
        default_lease_ttl_seconds: "31536000"
        max_lease_ttl_seconds: "157680000"
        issuing_certificates:
          - "http://127.0.0.1:8200/v1/pki/ca"
        crl_distribution_points:
          - "http://127.0.0.1:8200/v1/pki/crl"
        crl_build_disable: false
        crl_expiry: "72h"
        intermediate_cert_issuers:
          - issuer_name: "v.0.0.2"
            managed: true
            default: false
            type: "internal"
            common_name: "Testowe PKI CA Main - v.0.0.2"
            ttl: "365d"
            format: "pem"
            private_key_format: "der"
            key_type: "rsa"
            key_bits: 4096
            exclude_cn_from_sans: true
            organization: "PSE S.A."
            country: "PL"
            province: "Mazowieckie"
            locality: "Konstancin-Jeziorna"
            street_address: "Warszawska 165"
            postal_code: "05-500"
            ou: "DT"
            ip_sans: []
            issuing_certificates:
              - http://pki-st.pse.pl/v1/pki-int-1/issuer/v.0.0.2/pem
          - issuer_name: "v.0.0.3"
            managed: true
            default: true
            type: "internal"
            common_name: "Testowe PKI CA Main - v.0.0.3"
            ttl: "365d"
            format: "pem"
            private_key_format: "der"
            key_type: "rsa"
            key_bits: 4096
            exclude_cn_from_sans: true
            organization: "PSE S.A."
            country: "PL"
            province: "Mazowieckie"
            locality: "Konstancin-Jeziorna"
            street_address: "Warszawska 165"
            postal_code: "05-500"
            ou: "DT"
            ip_sans: []
            issuing_certificates:
              - http://pki-stxxxx/v1/pki-int-1/issuer/v.0.0.3/pem
module "vault-pki-issuers-hard" {
  source = "git::https://xxxxxxx.pl/pse-dt/pse-terraform-module-vault-pki-issuers-hard.git?ref=main"
  providers = {
    vault = vault
  }
  for_each = local.pki_hard_config.pki

  path                      = each.value.path
  description               = each.value.description
  default_lease_ttl_seconds = each.value.default_lease_ttl_seconds
  max_lease_ttl_seconds     = each.value.max_lease_ttl_seconds
  issuing_certificates      = each.value.issuing_certificates
  crl_distribution_points   = each.value.crl_distribution_points
  crl_build_disable         = can(each.value.crl_build_disable) ? each.value.crl_build_disable : true
  crl_expiry                = each.value.crl_expiry
  #roles = each.value.roles
  root_cert_issuers = each.value.root_cert_issuers
  intermediate      = each.value.intermediate
  #pki_intermediate_role = each.value.roles
  # root_cert = each.value.root_cert
  # crl_build_disable = can(each.value.crl_build_disable) ? each.value.crl_build_disable : true
  # crl_expiry =
}
Steps to Reproduce
Run the same code multiple times
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None