hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

Terraform tries to create `vault_aws_secret_backend` even when it already exists #191

Closed aaron-trout closed 6 years ago

aaron-trout commented 6 years ago

Hi,

Seeing an issue where Terraform is not recording the creation of the AWS secret backend in the terraform state, so subsequent terraform apply operations are failing because it tries to create the thing again but it already exists. Details below.

Terraform Version

$ terraform -v
Terraform v0.11.8
+ provider.vault v1.1.4

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

variable "aws_sandbox_access_key" {
  type = "string"
  description = "Access key for AWS sandbox account"
}

variable "aws_sandbox_secret_key" {
  type = "string"
  description = "Secret key for AWS sandbox account"
}

resource "vault_aws_secret_backend" "sandbox" {
  access_key = "${var.aws_sandbox_access_key}"
  secret_key = "${var.aws_sandbox_secret_key}"
  region = "eu-west-1"
  path = "aws-sandbox"
  description = "Auth backend for AWS Sandbox account"
  default_lease_ttl_seconds = 1800  # 30 mins
  max_lease_ttl_seconds = 172800  # 48 hrs
}

Terraform state file (after first terraform apply)

{
    "version": 3,
    "terraform_version": "0.11.8",
    "serial": 1,
    "lineage": "348e9951-f364-ecc7-6992-62660049614e",
    "modules": [
        {
            "path": [
                "root"
            ],
            "outputs": {},
            "resources": {},
            "depends_on": []
        }
    ]
}

Debug Output

https://gist.github.com/aaron-trout/1c722c7c1a31dcd413f8820aac590b0d

Expected Behavior

  1. terraform apply creates the secret backend and records it in the state file
  2. Subsequent terraform plan does not show any creations

Actual Behavior

  1. terraform apply successfully creates the secret backend but does not record it in the terraform state
  2. Subsequent plan or apply operations show a creation / fail because the resource already exists

Steps to Reproduce

  1. terraform apply twice

aaron-trout commented 6 years ago

Sounds possibly maybe a little bit like #115? I'm not sure...

zenitraM commented 6 years ago

I've just encountered the same with just enabling the vault_auth_backend for github:

provider "vault" {

}

resource "vault_auth_backend" "github" {
  type = "github"
}

Once applied first it creates the auth backend but fails to store anything on the state (terraform state show is empty). On subsequent applies it fails to get created as it's already there.

catsby commented 6 years ago

Hello – can you let us know what version of Vault you're using? There was an issue with Vault v0.11.0 that caused issues for the Terraform Vault Provider, and was subsequently patched in Vault v0.11.1.

aaron-trout commented 6 years ago

@catsby ooh, yes I am on 0.11.0. Will upgrade to .1 and get back to you!

aaron-trout commented 6 years ago

Well, I completely forgot to reply here, but upgrading did indeed fix it! :-)
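
The failure reported in this thread leaves a mount live in Vault that Terraform no longer knows about. The following check for that drift is an added example, not code from the thread or from the provider. It assumes the version-3 state layout shown in the issue, treats the two resource types mentioned in the thread as mounts, and uses a constructed mount listing keyed by path with a trailing slash.

```python
import json

# Resource types treated as Vault mounts (assumption made for this example).
MOUNT_TYPES = {"vault_aws_secret_backend", "vault_auth_backend"}

def managed_paths(state):
    """Mount paths recorded in a version-3 Terraform state document."""
    paths = set()
    for module in state.get("modules", []):
        for res in module.get("resources", {}).values():
            if res.get("type") not in MOUNT_TYPES:
                continue
            primary = res.get("primary", {})
            path = primary.get("attributes", {}).get("path") or primary.get("id", "")
            paths.add(path.strip("/"))
    return paths

def untracked_mounts(state, live_mounts, declared):
    """Declared paths that are mounted in Vault but missing from state."""
    live = {p.strip("/") for p in live_mounts}
    return sorted((live & set(declared)) - managed_paths(state))

# State as posted in the issue after the first apply: no resources recorded.
BROKEN_STATE = json.loads('{"version": 3, "modules": [{"path": ["root"], "resources": {}}]}')

# Constructed state showing what a recorded backend would look like.
HEALTHY_STATE = {"version": 3, "modules": [{"path": ["root"], "resources": {
    "vault_aws_secret_backend.sandbox": {
        "type": "vault_aws_secret_backend",
        "primary": {"id": "aws-sandbox", "attributes": {"path": "aws-sandbox"}},
    }}}]}

# Constructed mount listing, keyed by path with a trailing slash.
LIVE_MOUNTS = {"aws-sandbox/": {"type": "aws"}, "cubbyhole/": {"type": "cubbyhole"}}

if __name__ == "__main__":
    for name, state in (("broken", BROKEN_STATE), ("healthy", HEALTHY_STATE)):
        print(name, untracked_mounts(state, LIVE_MOUNTS, ["aws-sandbox"]))
```

A non-empty result means a declared backend exists in Vault without a state entry, which is the condition that makes the second apply fail.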