hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Bug]: importing a kmip scope failed: it uses an incorrect API url #2120

Open Joffrey54 opened 8 months ago

Joffrey54 commented 8 months ago

Terraform Core Version

1.6.6

Terraform Vault Provider Version

3.23.0

Vault Server Version

1.15.2

Affected Resource(s)

vault_kmip_secret_scope

Expected Behavior

Importing a resource without errors.

Actual Behavior

1/ My import command: terraform import 'module.secret-kmip.vault_kmip_secret_scope.scope["maq"]' kmip/scope/maq failed.

I get a 403 error. But it is because the API URL is incorrect: https://vault.test.intra/v1/scope?list=true

It works using the Vault CLI "vault list kmip/scope" (using the same VAULT_TOKEN)

So the URL must be something like https://vault.test.intra/v1/kmip/scope?list=true

2/ The documentation of vault_kmip_secret_scope, in the import section, has an incorrect path in the example.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

locals {
  scopes = ["maq"]
}

resource "vault_kmip_secret_backend" "kmip" {
  path                        = "kmip"
  description                 = "Vault KMIP backend"
  listen_addrs                = ["0.0.0.0:5696"]
  tls_ca_key_type             = "rsa"
  tls_ca_key_bits             = 4096
  default_tls_client_key_type = "rsa"
  default_tls_client_key_bits = 4096
  default_tls_client_ttl      = module.constants.y_in_sec
}

resource "vault_kmip_secret_scope" "scope" {
  for_each = toset(local.scopes)

  path  = vault_kmip_secret_backend.kmip.path
  scope = each.key
}

Steps to Reproduce

You must have an existing KMIP scope, and then try to import the scope.

Debug Output

No response

Panic Output

No response

Important Factoids

You must have an Enterprise license.

References

No response

Would you like to implement a fix?

None

fairclothjm commented 8 months ago

@nORKy54 Hello, I am sorry you are experiencing trouble!

It looks like the current implementation of kmipSecretScopeRead() does not support import since it is performing d.Get calls. Since there is no prior state on import, the d.Get calls will not return any data.
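
The failure mode discussed in this thread, as an added example that is not the provider's own code: a read that takes the mount path from state lists "scope" on import, while one that parses the import ID (the kmip/scope/maq form from the report) lists "kmip/scope". The resourceData type and all function names are hypothetical stand-ins that use only the Go standard library, and the way the list path is concatenated is an assumption chosen to match the URL in the report.

```go
package main

import (
	"fmt"
	"strings"
)

// resourceData is a hypothetical stand-in for the SDK's resource data:
// attrs is prior state, which is empty during `terraform import`.
type resourceData struct {
	id    string
	attrs map[string]string
}

func (d resourceData) Get(k string) string { return d.attrs[k] }

// listPathFromState models a read that relies on state: with no prior
// state the mount is "" and the request goes to "scope" (assumed shape).
func listPathFromState(d resourceData) string {
	return strings.TrimPrefix(d.Get("path")+"/scope", "/")
}

// parseScopeID splits an ID of the form <mount>/scope/<name>. The mount may
// itself contain slashes, so the split is on the last "/scope/".
func parseScopeID(id string) (mount, scope string, err error) {
	const sep = "/scope/"
	i := strings.LastIndex(id, sep)
	if i <= 0 || i+len(sep) >= len(id) || strings.Contains(id[i+len(sep):], "/") {
		return "", "", fmt.Errorf("invalid ID %q, want <mount>/scope/<name>", id)
	}
	return id[:i], id[i+len(sep):], nil
}

// listPathFromID derives the list path from the ID alone, so it works on import.
func listPathFromID(d resourceData) (string, error) {
	mount, _, err := parseScopeID(d.id)
	if err != nil {
		return "", err
	}
	return mount + "/scope", nil
}

func main() {
	d := resourceData{id: "kmip/scope/maq", attrs: map[string]string{}} // import: no state
	fixed, err := listPathFromID(d)
	if err != nil {
		panic(err)
	}
	fmt.Println("from state: /v1/" + listPathFromState(d) + "?list=true")
	fmt.Println("from ID:    /v1/" + fixed + "?list=true")
}
```
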