The PR fixes the provider's behavior when resources (kv secrets version 1 and version 2) have been modified outside of terraform.
before the modification, when you createkv 2 secrets using the provider, modify the resource outside of vault using vault cli for example with the command vault patch, re-runningterraform apply and checking the terraform state you would notice the data attribute correspond to what's in vault while data_json doesn't, and most importantly now the terraform state is different then what was specified in the terraform configuration file which is not the expected behavior from the provider.
The PR fixes this, so now if you re-run terraform apply, the provider deletes what's was modified outside of terraform and makes sure that vault state corresponds to what was specified in terraform configuration file.
The modifications were both applied to resource kv secret and resource kv secret V2
Relates to #1993
Output from acceptance testing:
$ make testacc TESTARGS="--run TestAccKVSecretV2_UpdateOutsideTerraform"
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test --run TestAccKVSecretV2_UpdateOutsideTerraform -timeout 30m ./...
? github.com/hashicorp/terraform-provider-vault [no test files]
? github.com/hashicorp/terraform-provider-vault/cmd/coverage [no test files]
? github.com/hashicorp/terraform-provider-vault/cmd/generate [no test files]
? github.com/hashicorp/terraform-provider-vault/helper [no test files]
? github.com/hashicorp/terraform-provider-vault/internal/consts [no test files]
? github.com/hashicorp/terraform-provider-vault/internal/identity/group [no test files]
? github.com/hashicorp/terraform-provider-vault/internal/identity/mfa [no test files]
? github.com/hashicorp/terraform-provider-vault/internal/pki [no test files]
ok github.com/hashicorp/terraform-provider-vault/codegen (cached) [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/internal/identity/entity (cached) [no tests to run]
? github.com/hashicorp/terraform-provider-vault/schema [no test files]
ok github.com/hashicorp/terraform-provider-vault/internal/provider (cached) [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/testutil (cached) [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/util (cached) [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/vault 2.742s
...
$make testacc TESTARGS="--run TestAccKVSecret_UpdateOutsideTerraform"
TF_ACC=1 go test --run TestAccKVSecret_UpdateOutsideTerraform -timeout 30m ./...
? github.com/hashicorp/terraform-provider-vault [no test files]
? github.com/hashicorp/terraform-provider-vault/cmd/coverage [no test files]
? github.com/hashicorp/terraform-provider-vault/cmd/generate [no test files]
? github.com/hashicorp/terraform-provider-vault/helper [no test files]
? github.com/hashicorp/terraform-provider-vault/internal/consts [no test files]
ok github.com/hashicorp/terraform-provider-vault/codegen 0.223s [no tests to run]
? github.com/hashicorp/terraform-provider-vault/internal/identity/group [no test files]
? github.com/hashicorp/terraform-provider-vault/internal/identity/mfa [no test files]
? github.com/hashicorp/terraform-provider-vault/internal/pki [no test files]
? github.com/hashicorp/terraform-provider-vault/schema [no test files]
ok github.com/hashicorp/terraform-provider-vault/internal/identity/entity 0.269s [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/internal/provider 0.455s [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/testutil 0.588s [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/util 0.738s [no tests to run]
ok github.com/hashicorp/terraform-provider-vault/vault 2.661s
Description
The PR fixes the provider's behavior when resources (
kv secrets version 1 and version 2
) have been modified outside of terraform. before the modification, when you createkv 2 secrets
using the provider, modify the resource outside of vault usingvault cli
for example with the commandvault patch
, re-runningterraform apply
and checking the terraform state you would notice thedata
attribute correspond to what's in vault whiledata_json
doesn't, and most importantly now the terraform state is different then what was specified in the terraform configuration file which is not the expected behavior from the provider. The PR fixes this, so now if you re-run terraform apply, the provider deletes what's was modified outside of terraform and makes sure that vault state corresponds to what was specified in terraform configuration file. The modifications were both applied toresource kv secret
andresource kv secret V2
Relates to #1993
Output from acceptance testing: