hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Bug]: vault_nomad_secret_backend can't be initialized without token #2269

Open mrVanDalo opened 3 months ago

mrVanDalo commented 3 months ago

Terraform Core Version

1.8.5

Terraform Vault Provider Version

3.23.0

Vault Server Version

1.16.1

Affected Resource(s)

Expected Behavior

As described in the provider documentation, the token is optional.

Also, the Vault CLI documentation states that it's possible to set the Nomad token afterwards.

Expected is: I configure the Nomad backend without a token and set the token via the Vault CLI afterwards.

Alternative is: I configure the Nomad backend without a token and the Nomad ACL system is bootstrapped by Vault, without sharing the root token (like in the consul_backend).

Actual Behavior

We get an error that the (optional) parameter token is not given.

But the secret backend is created in Vault.

We have to import the newly created resource to create all dependent resources, which is annoying.

Relevant Error/Panic Output Snippet

# First run:

vault_nomad_secret_backend.config: Creating...
╷
│ Error: error writing "nomad/config/access": Error making API request.
│ 
│ URL: PUT https://vault.example.com/v1/nomad/config/access
│ Code: 400. Errors:
│ 
│ * Token not provided and failed to bootstrap ACLs
│ 
│   with vault_nomad_secret_backend.config,
│   on main.tf line 1, in resource "vault_nomad_secret_backend" "config":
│    1: resource "vault_nomad_secret_backend" "config" {
│ 
╵
ERRO[0003] terraform invocation failed

# Second run:

vault_nomad_secret_backend.config: Creating...
╷
│ Error: error mounting to "nomad": Error making API request.
│ 
│ URL: POST https://vault.example.com/v1/sys/mounts/nomad
│ Code: 400. Errors:
│ 
│ * path is already in use at nomad/
│ 
│   with vault_nomad_secret_backend.config,
│   on main.tf line 1, in resource "vault_nomad_secret_backend" "config":
│    1: resource "vault_nomad_secret_backend" "config" {
│ 
╵
ERRO[0007] terraform invocation failed

Terraform Configuration Files

locals {
  # Assumed definition: the original report references local.hours but does not show it.
  hours = 3600 # seconds per hour
}

resource "vault_nomad_secret_backend" "config" {
  backend                   = "nomad"
  description               = "Nomad Backend (managed by Vault)"
  max_lease_ttl_seconds     = 12 * local.hours
  default_lease_ttl_seconds = 8 * local.hours
  max_ttl                   = 12 * local.hours
  ttl                       = 8 * local.hours
  # No token is set on purpose; the error below is raised on the write to nomad/config/access.
}

Steps to Reproduce

terraform apply
terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No
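The failure mode in this report is a half-created resource: the mount at nomad/ succeeds, the write to nomad/config/access fails, Terraform records nothing, and the next apply collides with the mount left behind. The following Go program is an added illustration written for this page, not code from the Vault provider or from Vault itself. It uses a constructed in-memory fake (`fakeVault`, with made-up `Mount`/`Unmount`/`Write` methods that imitate the two error messages shown above) to contrast the naive mount-then-configure sequence with a variant that rolls the mount back when the config write fails, so a second run starts from a clean state.

```go
package main

import "fmt"

// VaultClient is a hypothetical minimal client interface for this example.
// It is NOT the API of the Vault provider or of the Vault Go client.
type VaultClient interface {
	Mount(path string) error
	Unmount(path string) error
	Write(path string, data map[string]string) error
}

// fakeVault is a constructed stand-in for a Vault server. It reproduces only
// the two behaviours visible in the report: mounting an existing path is
// rejected, and writing nomad/config/access without a token is rejected.
type fakeVault struct {
	mounts map[string]bool
}

func newFakeVault() *fakeVault { return &fakeVault{mounts: map[string]bool{}} }

func (f *fakeVault) Mount(path string) error {
	if f.mounts[path] {
		return fmt.Errorf("error mounting to %q: path is already in use at %s/", path, path)
	}
	f.mounts[path] = true
	return nil
}

func (f *fakeVault) Unmount(path string) error {
	delete(f.mounts, path)
	return nil
}

func (f *fakeVault) Write(path string, data map[string]string) error {
	if data["token"] == "" {
		return fmt.Errorf("error writing %q: Token not provided and failed to bootstrap ACLs", path)
	}
	return nil
}

// IsMounted reports whether the fake still has the backend mounted.
func (f *fakeVault) IsMounted(path string) bool { return f.mounts[path] }

// createNaive mirrors the sequence in the report: mount first, then write the
// access config. When the write fails, the mount is left behind and nothing
// is recorded, so the next attempt fails on the mount step instead.
func createNaive(c VaultClient, backend, token string) error {
	if err := c.Mount(backend); err != nil {
		return err
	}
	return c.Write(backend+"/config/access", map[string]string{"token": token})
}

// createWithRollback unmounts the backend again if the config write fails, so
// the server is left exactly as it was before the failed run.
func createWithRollback(c VaultClient, backend, token string) (err error) {
	if err = c.Mount(backend); err != nil {
		return err
	}
	defer func() {
		if err != nil {
			if uerr := c.Unmount(backend); uerr != nil {
				err = fmt.Errorf("%v (rollback of mount failed: %v)", err, uerr)
			}
		}
	}()
	return c.Write(backend+"/config/access", map[string]string{"token": token})
}

func main() {
	v := newFakeVault()
	fmt.Println("naive, run 1:   ", createNaive(v, "nomad", ""))
	fmt.Println("naive, run 2:   ", createNaive(v, "nomad", ""))

	v2 := newFakeVault()
	fmt.Println("rollback, run 1:", createWithRollback(v2, "nomad", ""))
	fmt.Println("rollback, run 2:", createWithRollback(v2, "nomad", ""))
	fmt.Println("rollback, run 3 (token set):", createWithRollback(v2, "nomad", "example-token"))
}
```

The other way out of the inconsistency, which the fake does not model, is to record the resource ID immediately after the mount succeeds so that Terraform tracks the partially configured backend and a later apply updates it rather than recreating it; the rollback shown here is the simpler of the two to reason about because it never leaves an untracked mount on the server.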