terraform-provider-vault icon indicating copy to clipboard operation
terraform-provider-vault copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

[Bug]: MongoDB connections result in update-in-place although no changes were made

Open plafue opened this issue 11 months ago • 0 comments

Terraform Core Version

1.7.4

Terraform Vault Provider Version

3.25.0

Vault Server Version

1.15

Affected Resource(s)

vault_database_secrets_mount vault_database_secret_backend_connection

Expected Behavior

After applying the configuration once, applying it again shouldn't show any drift against the state.

Actual Behavior

Applying the configuration with no changes show that resources will be detroyed and recreated or updated in place.

Relevant Error/Panic Output Snippet

# vault_database_secrets_mount.databases will be updated in-place
  ~ resource "vault_database_secrets_mount" "databases" {
        id                           = "db"
        # (12 unchanged attributes hidden)

      - mongodb {
          - allowed_roles            = [
              - "role2",
            ] -> null
          - connection_url           = "mongodb://{{username}}:{{password}}@mongodb:27017/" -> null
          - data                     = {} -> null
          - max_connection_lifetime  = 0 -> null
          - max_idle_connections     = 0 -> null
          - max_open_connections     = 2 -> null
          - name                     = "db2" -> null
          - plugin_name              = "mongodb-database-plugin" -> null
          - root_rotation_statements = [] -> null
          - username                 = "root" -> null
          - verify_connection        = true -> null
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.



### Terraform Configuration Files

https://github.com/plafue/terraform-provider-vault-mongodb-bug

### Steps to Reproduce

In the provided repository run
```shell
docker compose up -d

export VAULT_ADDR=http://127.0.0.1:8200 && \
  vault login vault-plaintext-root-token

terraform init && terraform apply

and apply/plan once (or many more times) to see how the plan always drifts from the state.

Debug Output

No response

Panic Output

No response

Important Factoids

This does not only happen with a mongodb block inside the secrets mount and a vault_database_secret_backend_connection resource: having two vault_database_secret_backend_connections with a mongo block also trigger an update in place of the database secrets mount.

References

No response

Would you like to implement a fix?

None

plafue avatar Mar 04 '24 17:03 plafue