hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_secretsmanager_secret_version data does not recognize a change #38545

Open egkelly opened 1 month ago

egkelly commented 1 month ago

Terraform Core Version

v1.8.2

AWS Provider Version

v5.36.0

Affected Resource(s)

Expected Behavior

Through automation, we updated a secrets manager secret. The aws_secretsmanager_secret_version should have identified the change, updating the secret version_id.

Actual Behavior

The password update is never reflected in terraform, and the data source is still tied to the old secret version. terraform state show 'address' displays this:

data "aws_secretsmanager_secret_version" "secret_version" {
    arn            = "XXXXXXXXXXX"
    created_date   = "2024-02-19T11:18:20Z"
    id             = "arn:aws-us-gov:secretsmanager:us-west-1:XXXXXXXX:secret:mysecret-hBeXjb|AWSCURRENT"
    secret_binary  = (sensitive value)
    secret_id      = "arn:aws-us-gov:secretsmanager:us-west-1:XXXXXXXX:secret:mysecret-hBeXjb"
    secret_string  = (sensitive value)
    version_id     = "ADABF743-5579-4973-A1FF-BB1F471E1465"
    version_stage  = "AWSCURRENT"
    version_stages = [
        "AWSCURRENT",
    ]
}

Please note the version_id = "ADABF743-5579-4973-A1FF-BB1F471E1465", whereas the version_id that actually has the stage label AWSCURRENT is terraform-20240724211504641600000001.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

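# Look up the secret by name through the aliased provider.
data "aws_secretsmanager_secret" "secret" {
  provider = aws.env_secrets

  name = "mysecret"
}

# Read the version of that secret; with no version_id or version_stage set,
# the data source reads the version labelled AWSCURRENT.
data "aws_secretsmanager_secret_version" "secret_version" {
  provider = aws.env_secrets

  # The reference must use the data source's name ("secret"), not the secret's name.
  secret_id = data.aws_secretsmanager_secret.secret.id
}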

Steps to Reproduce

Create an AWS Secrets Manager secret, then reference it in Terraform via the aws_secretsmanager_secret_version data source. Run terraform apply. Update the secret, making sure there are two secret versions. Run terraform apply again.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
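
An added example, not part of the original report and not the provider's code: a Python check that compares the version_id recorded for each aws_secretsmanager_secret_version data source in `terraform show -json` output with the version that holds the stage label in an `aws secretsmanager list-secret-version-ids` response, which is how a stale credential after rotation can be detected. The sample ARN and the module address are constructed; the two version ids are the ones quoted in the report.

```python
DS_TYPE = "aws_secretsmanager_secret_version"

def iter_resources(module):
    """Yield every resource in a `terraform show -json` module tree."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def live_version_id(versions, stage):
    """VersionId carrying `stage` in a list-secret-version-ids response."""
    for v in versions.get("Versions", []):
        if stage in v.get("VersionStages", []):
            return v["VersionId"]
    return None

def stale_data_sources(state, versions_by_arn):
    """Return (address, recorded_id, live_id) for each data source whose
    recorded version_id no longer holds its version_stage label."""
    findings = []
    root = state.get("values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("mode") != "data" or res.get("type") != DS_TYPE:
            continue
        vals = res["values"]
        versions = versions_by_arn.get(vals["arn"])
        if versions is None:
            continue  # no live listing supplied for this secret
        stage = vals.get("version_stage") or "AWSCURRENT"
        live = live_version_id(versions, stage)
        if live != vals["version_id"]:
            findings.append((res["address"], vals["version_id"], live))
    return findings

# Constructed sample input: the ARN and module address are placeholders;
# the two version ids are the ones quoted in the report above.
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-AbCdEf"
ADDRESS = "module.db.data.aws_secretsmanager_secret_version.secret_version"
STATE = {"values": {"root_module": {"child_modules": [{"resources": [
    {"address": ADDRESS, "mode": "data", "type": DS_TYPE,
     "values": {"arn": ARN, "version_stage": "AWSCURRENT",
                "version_id": "ADABF743-5579-4973-A1FF-BB1F471E1465"}}]}]}}}
VERSIONS = {"Versions": [
    {"VersionId": "ADABF743-5579-4973-A1FF-BB1F471E1465", "VersionStages": ["AWSPREVIOUS"]},
    {"VersionId": "terraform-20240724211504641600000001", "VersionStages": ["AWSCURRENT"]}]}

if __name__ == "__main__":
    for address, recorded, live in stale_data_sources(STATE, {ARN: VERSIONS}):
        print(f"STALE {address}: state={recorded} live={live}")
```
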
