hashicorp / terraform-provider-boundary

Manage Boundary's identity-based access controls for resources provisioned with Terraform. This provider is maintained internally by the HashiCorp Boundary team.
https://registry.terraform.io/providers/hashicorp/boundary/latest
Mozilla Public License 2.0

error creating credential library in provider version 1.1.4 (works on 1.0.12) #353

Closed maheimstaden closed 1 year ago

maheimstaden commented 1 year ago

Hi,

I am following the https://github.com/hashicorp/learn-boundary-azure-sql-database.git guide to integrate Boundary with Vault.

I have an issue with this resource (it works on 1.0.12 but not on 1.1.4):

resource "boundary_credential_library_vault" "database" {
  name                = "database"
  description         = "Vault credential library for developer database access"
  credential_store_id = boundary_credential_store_vault.vault.id
  path                = local.boundary_creds_path
  http_method         = "GET"
}

What I get is:

Error: error creating credential library: {"kind":"InvalidArgument", "message":"Error in provided request.", "details":{"request_fields":[{"name":"credential_store_id", "description":"If included, type must match that of the credential store."}]}}
│
│   with module.vault_config.boundary_credential_library_vault.database,
│   on modules/vault/boundary.tf line 10, in resource "boundary_credential_library_vault" "database":
│   10: resource "boundary_credential_library_vault" "database" {

Terraform Version

1.3.2

Boundary Version

1.1.4

Affected Resource(s)

Terraform Configuration Files


terraform {
  required_version = ">= 1.0.0"
  backend "azurerm" {}

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=3.0"
    }
    boundary = {
      source  = "hashicorp/boundary"
      version = "1.1.4"
    }
  }
}
...

resource "boundary_credential_store_vault" "vault" {
  name            = "vault"
  description     = "Vault credentials store"
  address         = local.vault_url
  tls_skip_verify = true
  token           = vault_token.boundary.client_token
  scope_id        = local.boundary_developer_scope
}

resource "boundary_credential_library_vault" "database" {
  name                = "database"
  description         = "Vault credential library for developer database access"
  credential_store_id = boundary_credential_store_vault.vault.id
  path                = local.boundary_creds_path
  http_method         = "GET"
}

Expected Behavior

Resource is created

Actual Behavior

Error: error creating credential library: {"kind":"InvalidArgument", "message":"Error in provided request.", "details":{"request_fields":[{"name":"credential_store_id", "description":"If included, type must match that of the credential store."}]}}
│ 
│   with module.vault_config.boundary_credential_library_vault.database,
│   on modules/vault/boundary.tf line 10, in resource "boundary_credential_library_vault" "database":
│   10: resource "boundary_credential_library_vault" "database" {

Steps to Reproduce

terraform apply

Important Factoids

Works on 1.0.12

macmiranda commented 1 year ago

What's your Boundary controller version?

v1.1.4 introduced some quite big changes. In my opinion, it should have been planned as a major release. The target address field that was introduced in this PR isn't backwards compatible. Once that field is created in the state file, future plans will fail because old controllers don't expect that field to exist.

What I'm saying is, if you're running a Boundary controller version lower than v0.12.0 you should expect to have issues.

maheimstaden commented 1 year ago

Hi @macmiranda,

I am running version 0.11.2-1. I will try to upgrade to 0.12 and let you know.

Thanks!

maheimstaden commented 1 year ago

Updated the controller to version 0.12.1-1 and all seems to be working fine with the 1.1.4 provider.

Thank you one more time.

Kr, Michał.

macmiranda commented 1 year ago

Glad it helped 😊