We have a CI/CD pipeline that rotates passwords in our environments. The passwords are stored in AWS Secrets Manager. We then use terraform to read the password out of Secrets Manager and create an Atlas DB User:
data "aws_secretsmanager_secret" "mongo_foo_user_pw_secret" {
  name = "mongodb_foo_user_password"
}

data "aws_secretsmanager_secret_version" "mongo_foo_user_pw_value" {
  secret_id = "${data.aws_secretsmanager_secret.mongo_foo_user_pw_secret.id}"
}

...

resource "mongodbatlas_database_user" "foo_user" {
  username = "foo_user"
  password = "${data.aws_secretsmanager_secret_version.mongo_foo_user_pw_value.secret_string}"
  database = "foo"
  group    = "${data.mongodbatlas_project.mongo_env_prj.id}"

  roles = [
    {
      name     = "readWrite"
      database = "foo"
    }
  ]
}
The password field is marked Sensitive in the schema. This should mean that unless it's marked to be ignored, it will always trigger an update (e.g., here).
I'm having the opposite problem. With the above configuration, I want it to always trigger an update of the user, in order to pick up the new password when it changes. However, after everything is initially created, a subsequent plan/apply does not trigger an update.
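One way to force the Atlas user to be reapplied on every rotation, as an added example that is not part of the question: key a `terraform_data` resource on the Secrets Manager version id and let it trigger replacement of the user. This assumes Terraform 1.4 or later (for `terraform_data` and `replace_triggered_by`) and keeps the attribute names from the question's provider version; a replacement deletes and recreates the user, so that user is briefly unavailable during apply.

```hcl
data "aws_secretsmanager_secret" "mongo_foo_user_pw_secret" {
  name = "mongodb_foo_user_password"
}

data "aws_secretsmanager_secret_version" "mongo_foo_user_pw_value" {
  secret_id = data.aws_secretsmanager_secret.mongo_foo_user_pw_secret.id
}

# Each rotation writes a new secret version, so version_id changes exactly
# when the password does. triggers_replace makes Terraform plan a replacement
# of this tracking resource on every rotation, independent of the password diff.
resource "terraform_data" "mongo_foo_user_pw_version" {
  triggers_replace = [
    data.aws_secretsmanager_secret_version.mongo_foo_user_pw_value.version_id,
  ]
}

resource "mongodbatlas_database_user" "foo_user" {
  username = "foo_user"
  password = data.aws_secretsmanager_secret_version.mongo_foo_user_pw_value.secret_string
  database = "foo"
  group    = data.mongodbatlas_project.mongo_env_prj.id

  roles = [
    {
      name     = "readWrite"
      database = "foo"
    }
  ]

  lifecycle {
    # Recreate the user whenever the tracked secret version is replaced,
    # whether or not the provider reports a diff on the sensitive password.
    replace_triggered_by = [terraform_data.mongo_foo_user_pw_version]
  }
}
```

After a rotation, `terraform plan -detailed-exitcode` exits with status 2 (changes pending) rather than 0, which gives the pipeline a way to verify that the new password will actually be pushed to Atlas.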