Cannot refresh state if `vault_ldap_auth_backend` is missing from Vault

[anarsen]

Terraform Version

Terraform v1.3.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/vault v3.11.0

Affected Resource(s)

• vault_ldap_auth_backend

Terraform Configuration Files

resource "vault_ldap_auth_backend" "this" {
  # attributes omitted
}

Debug Output

https://gist.github.com/anarsen/00e8c1fdafa820d5bcfceff80da5c48c

Expected Behavior

Terraform would realize the vault_ldap_auth_backend doesn't exist during the refresh phase, and produce a plan to create it.

Actual Behavior

Errors out with this message

Error: auth mount ldap not present

I assume this is the offending code: https://github.com/hashicorp/terraform-provider-vault/blob/main/vault/resource_ldap_auth_backend.go#L346

Steps to Reproduce

1. vault server -dev
2. terraform apply
3. Stop Vault dev server
4. vault server -dev
5. terraform apply or terraform refresh

[mbieniasz]

Hi, i reached same problem, is there any update on that?

[fsdrw08]

same here, I had to separate the state of vault_ldap_auth_backend to another workspace

[nanalncux]

Do you have any news? Or reinvent crutches again?

[fairclothjm]

@nanalncux Hello, what version of the Vault Provider are you using? I believe this should be fixed as of v4.0.0

[simonkey007]

I confirm it has not been fixed. I'm using Vault provider in version v4.3.0 and I was getting the following error:

No secret engine mount at auth/ldap/

To workaround this I removed ldap engine configuration from the state file and rerun the terraform plan and apply.

[fairclothjm]

Fixed by https://github.com/hashicorp/terraform-provider-vault/pull/2289 and will be available in the next release (v4.4.0)