Closed GesaSchirren closed 2 weeks ago
@michael-magrian can some one from team look into the issue
Hey @GesaSchirren, can you please provide the Terraform specification that lead to this issue?
I will try, we just implemented a more automated secret rotation, so there might be bugs in our specification, as far as i know, it was working with 1.67.1 and we just updated to 1.68.1 last week. I also don't want to expose all of our specification.
code-engine-secrets.tf
resource "ibm_code_engine_secret" "a_secrets" {
project_id = ibm_code_engine_project.stage_project.project_id
name = "a-secrets"
format = "generic"
data = {
PGHOST = data.ibm_database_connection.pg_connection.postgres[0].hosts[0].hostname
PGPASSWORD = postgresql_role.pg_roles[var.pg_a_user].password
PGPORT = data.ibm_database_connection.pg_connection.postgres[0].hosts[0].port
PGUSER = var.pg_a_user
}
}
postgres_roles.tf
resource "postgresql_role" "pg_roles" {
for_each = toset(var.pg_roles)
name = each.value
login = true
create_database = true
password = ibm_sm_username_password_secret.pg_role_credentials[each.key].password
}
postgres_secrets.tf
resource "ibm_sm_username_password_secret" "pg_role_credentials" {
for_each = toset(var.pg_roles)
instance_id = var.secrets_manager.guid
region = "eu-de"
password_generation_policy {
length = 32
include_digits = true
include_symbols = true
include_uppercase = true
}
rotation {
auto_rotate = true
interval = 42
unit = "day"
}
secret_group_id = var.stage_secret_group_id
name = replace("${var.pg_prefix}-pg-${each.value}", "_", "-")
username = each.value
So we have a secret in the secrets manager that rotates and sets a new password for the database and then the password in the code engine secret gets updated.
Thank for for the added definitions. I don't really see any changes in the provider between the versions 1.67.1
and 168.1
on that specific resource type, but I'll try to trigger the error on our side with a similar setup.
I'll get back to you.
Alright, I can confirm that this is a regression in the ibm_code_engine_secret
update operation.
I suggest you revert back to version 1.67.1
for this resource and we'll work on providing a fix as soon as we can.
Sorry for the inconvenience.
Alright, thanks for looking into it so quickly!
Opened a PR to fix the reported issue: https://github.com/IBM-Cloud/terraform-provider-ibm/pull/5584
@hkantare would you be able to review the small change?
Terraform Plugin is crashing when trying to update Code Engine Secrets, was working with ibm-cloud/ibm v1.67.1
Terraform CLI and Terraform IBM Provider Version
Running on schematics workspace - ibm-cloud/ibm v1.68.1
Affected Resource(s)
Code Engine Secrets
Debug Output