hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Bug]: ##[error]provider "registry.terraform.io/hashicorp/vault" produced an unexpected new value: Root resource was present, but now absent. #2161

Closed tanglaojames closed 7 months ago

tanglaojames commented 7 months ago

Terraform Core Version

1.7.3

Terraform Vault Provider Version

3.25.0

Vault Server Version

1.15.3

Affected Resource(s)

No response

Expected Behavior

We are expecting to offboard the LDAP static role: "Apply complete! Resources: 0 added, 0 changed, 1 destroyed."

Actual Behavior

We can offboard, but when we try to deboard the static role using the pipeline we can't offboard it after removing it from our tfvars.json file: "Apply complete! Resources: 0 added, 0 changed, 0 destroyed."

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

main.tf

resource "vault_ldap_secret_backend_static_role" "role" {
  for_each        = var.Hashi_LDAPSSE_Roles
  mount           = each.value.ldap_secret_engine_path
  username        = each.value.appid
  dn              = each.value.dname
  role_name       = each.value.role_name # "${each.value.role_name}"
  rotation_period = var.token_ttl
}

providers.tf

terraform {
  backend "azurerm" {}
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "3.25.0"
    }
  }
}

provider "vault" {
  # Configuration options
  address = var.vault_url
}

variables.tf

variable "Hashi_LDAPSSE_Roles" {
  description = "Data from aggregated LDAP static roles data; this schema should match the JSON hashi adse roles file."
  type = map(object({
    appid_email             = string
    appid                   = string
    role_name               = string
    environment             = string
    airid                   = string
    dname                   = string
    domain                  = string
    ldap_secret_engine_path = string
  }))
}

variable "ldap_secret_engine_path" {
  description = "(Required, Forces new resource) Path where the AD Secrets Engine is mounted"
  type        = string
  sensitive   = true
}

variable "token_ttl" {
  description = "(Optional) The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time."
  type        = string
  default     = 75 * 86400
}

variable "token_max_ttl" {
  description = "(Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time."
  type        = string
  default     = "8640000"
}

variable "vault_url" {
  description = "URL of the Vault server to use; this needs to match the Azure DevOps hashiVaultEnv in the pipelines.yaml file."
  type        = string
  default     = "https://xxxxxxxxxxx.com/"
}

Steps to Reproduce

Pipeline in YAML to aggregate data into the tfvars.json file and perform terraform apply. Run the pipeline to deboard the account.

Debug Output

DEBUG_Result.txt TRACE_Result.txt

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

fairclothjm commented 7 months ago

Closing as I believe this is resolved by fixing the token permissions and PR https://github.com/hashicorp/terraform-provider-vault/pull/2156 which should be available in the next release
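Since the maintainer points at token permissions, the following is an added example (not from this issue or the provider project) of a Vault policy that gives the pipeline token exactly the capabilities the provider needs to create, read back, and later delete LDAP static roles. A token that can write a role but cannot read it back (or delete it) leaves the provider unable to confirm the resource exists, which is one way the resource can drop out of state so that removing it from tfvars.json destroys nothing. The mount name "ldap" is an assumption; substitute the value of each.value.ldap_secret_engine_path from the configuration above.

```hcl
# Assumed mount path: "ldap" (the issue's configuration takes it from
# each.value.ldap_secret_engine_path). Static roles live under
# <mount>/static-role/<role_name> in the LDAP secrets engine.
#
# The trailing "*" also matches the bare "ldap/static-role/" path, so the
# "list" capability here covers LIST operations the provider may issue.
path "ldap/static-role/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

# Only needed if the pipeline also reads generated credentials; leave it
# out when the pipeline merely manages role definitions (least privilege).
# path "ldap/static-cred/*" {
#   capabilities = ["read"]
# }
```

Before running the deboard pipeline, `vault token capabilities ldap/static-role/<role_name>` run with the pipeline's token should report read and delete among the capabilities; if it reports only create or update, the provider cannot detect or remove the role.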