hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

update vault_jwt_auth_backend description should not force replacement #1027

Closed thomas-riccardi closed 2 years ago

thomas-riccardi commented 3 years ago

Terraform Version

Terraform v0.15.0
on linux_amd64
+ provider registry.terraform.io/hashicorp/vault v2.19.0

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

provider "vault" {
}
resource "vault_jwt_auth_backend" "oidc" {
  description = "first description"
  path        = "oidc"
  type        = "oidc"

  oidc_discovery_url = var.oidc_discovery_url
  oidc_client_id     = var.oidc_client_id
  oidc_client_secret = var.oidc_client_secret

  default_role = "developer"
}

Scenario

Expected Behavior

Terraform updates the oidc auth backend description without deleting and re-creating it, i.e. the equivalent of vault auth tune oidc/ description='new description'.

Actual Behavior

Terraform forces replacement of the vault_jwt_auth_backend upon description update.

  # vault_jwt_auth_backend.oidc must be replaced
-/+ resource "vault_jwt_auth_backend" "oidc" {
      ~ accessor               = "auth_oidc_714fe51c" -> (known after apply)
      - bound_issuer           = "" -> null
      ~ description            = "first description" -> "new description" # forces replacement
      ~ id                     = "oidc" -> (known after apply)
...

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. update the vault_jwt_auth_backend.oidc.description
  3. terraform apply

benashz commented 2 years ago

Fixed in #1550
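
A pre-apply check for the behaviour reported in this issue, added here as an example (not code from the provider or from anyone in this thread): it reads the JSON form of a plan, as produced by terraform show -json, and flags a vault_jwt_auth_backend scheduled for delete-and-create, which is the point at which the mount's accessor changes. The sample plan is constructed from the values in the issue; GUARDED_TYPES, find_replacements and the vault_policy.dev entry are hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output modelled on
# the plan in this issue (only the fields the check reads are included).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "vault_jwt_auth_backend.oidc",
         "type": "vault_jwt_auth_backend",
         "change": {"actions": ["delete", "create"],
                    "before": {"description": "first description", "path": "oidc",
                               "accessor": "auth_oidc_714fe51c"},
                    # Values only known after apply (accessor, id) are absent here.
                    "after": {"description": "new description", "path": "oidc"}}},
        {"address": "vault_policy.dev", "type": "vault_policy",
         "change": {"actions": ["update"],
                    "before": {"name": "dev"}, "after": {"name": "dev"}}},
    ]
})

# Assumption: resource types whose replacement should stop the pipeline.
GUARDED_TYPES = {"vault_jwt_auth_backend"}


def find_replacements(plan_json, guarded=GUARDED_TYPES):
    """Return (address, changed_keys) for guarded resources planned for replacement."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        # A replacement is reported as delete plus create, in either order.
        is_replace = sorted(change.get("actions", [])) == ["create", "delete"]
        if rc.get("type") not in guarded or not is_replace:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        # Compare only keys with a known planned value.
        changed = sorted(k for k in after if before.get(k) != after[k])
        findings.append((rc["address"], changed))
    return findings


if __name__ == "__main__":
    for address, keys in find_replacements(SAMPLE_PLAN):
        print(f"BLOCK: {address} would be destroyed and re-created (changed: {keys})")
```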