hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Bug]: issuer_ref is not used by the resource vault_pki_secret_backend_root_sign_intermediate #2148

Closed Warkdev closed 7 months ago

Warkdev commented 7 months ago

Terraform Core Version

1.7.3

Terraform Vault Provider Version

3.25.0

Vault Server Version

1.13.0

Affected Resource(s)

Expected Behavior

I'm expecting that by providing the following resource configuration:

resource "vault_pki_secret_backend_root_sign_intermediate" "test" {
  backend        = "pki"
  issuer_ref     = "my_issuer"
  csr            = vault_pki_secret_backend_intermediate_cert_request.test.csr
  common_name    = vault_pki_secret_backend_intermediate_cert_request.test.common_name
  format         = "pem"
  use_csr_values = true
  depends_on     = [vault_pki_secret_backend_intermediate_cert_request.test]
}

The following API will be used to sign my CSR: /pki/issuer/:issuer_ref/sign-intermediate

/pki/issuer/my_issuer/sign-intermediate

Actual Behavior

Instead, the following default API is called:

/pki/root/sign-intermediate

which will then try to use the "default" issuer.

Relevant Error/Panic Output Snippet

vault_pki_secret_backend_root_sign_intermediate.test: Creating...
╷
│ Error: error creating root sign-intermediate on PKI secret backend "ca": Error making API request.
│ 
│ Namespace: my_name_space
│ URL: PUT https://my_vault/v1/ca/root/sign-intermediate
│ Code: 400. Errors:
│ 
│ * signing certificate has a max path length of zero, and cannot issue further CA certificates
│ 
│   with vault_pki_secret_backend_root_sign_intermediate.test,
│   on main.tf line 22, in resource "vault_pki_secret_backend_root_sign_intermediate" "test":
│   22: resource "vault_pki_secret_backend_root_sign_intermediate" "test" {

Terraform Configuration Files

resource "vault_pki_secret_backend_intermediate_cert_request" "test" {
  backend     = "pki"
  type        = "internal"
  common_name = "my_cn"
}

// Sign Intermediate CA

resource "vault_pki_secret_backend_root_sign_intermediate" "test" {
  backend        = "pki"
  issuer_ref     = "root"
  csr            = vault_pki_secret_backend_intermediate_cert_request.test.csr
  common_name    = vault_pki_secret_backend_intermediate_cert_request.test.common_name
  format         = "pem"
  use_csr_values = true
  depends_on     = [vault_pki_secret_backend_intermediate_cert_request.test]
}

Steps to Reproduce

Run terraform apply with the previous resources, given that you have a PKI mount available.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No
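The failure mode in this report, as an added example (not code from the provider or from the issue author): a pre-flight check that shows which sign-intermediate path a request resolves to and whether the issuer certificate behind it is allowed to sign another CA. The names `preflight` and `newTestCA` are hypothetical, and the certificates are constructed in-process as stand-ins for a path-length-0 default issuer and an unconstrained `my_issuer`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// preflight (hypothetical helper, not provider code) returns the sign-intermediate
// path a request resolves to and an error if that issuer cannot sign a CA certificate.
func preflight(backend, issuerRef string, issuer *x509.Certificate) (string, error) {
	path := backend + "/root/sign-intermediate" // no issuer_ref: the mount's default issuer signs
	if issuerRef != "" {
		path = backend + "/issuer/" + issuerRef + "/sign-intermediate"
	}
	if issuer == nil || !issuer.IsCA || (issuer.MaxPathLen == 0 && issuer.MaxPathLenZero) {
		return path, fmt.Errorf("%s: issuer cannot issue further CA certificates", path)
	}
	return path, nil
}

// newTestCA builds a constructed self-signed CA; pathLen -1 means no path length constraint.
func newTestCA(cn string, pathLen int) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: true,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, MaxPathLen: pathLen, MaxPathLenZero: pathLen == 0,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	weak, _ := newTestCA("default issuer", 0) // constructed: path length 0
	root, _ := newTestCA("my_issuer", -1)     // constructed: no path length constraint
	fmt.Println(preflight("pki", "", weak))
	fmt.Println(preflight("pki", "my_issuer", root))
}
```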