hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Bug]: Unable to upgrade vault provider #2331

Open amitkothari opened 2 months ago

amitkothari commented 2 months ago

We are currently using an older version of the Vault provider and are trying to upgrade to a more recent version. Following the upgrade guide, we plan to upgrade to version 3.25.0 first and then to 4.x.x. However, we encounter an error with the vault_policy resource for any version after 3.15.2.

Terraform Core Version

1.1.9

Terraform Vault Provider Version

3.16.0

Vault Server Version

1.15.8

Affected Resource(s)

Expected Behavior

There are no changes to the resource configuration, so the upgrade should proceed without requiring any infrastructure modifications or causing errors.

Actual Behavior

Getting the following error:

│ Error: error writing to Vault: Error making API request.
│
│ Namespace: admin/admin
│ URL: PUT https://<cluster-url>:8200/v1/sys/policies/acl/test-policy
│ Code: 404. Errors:
│
│ * no handler for route "admin/sys/policies/acl/test-policy". route entry not found.

Here <cluster-url> is our vault cluster url in HashiCorp cloud.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

main.tf

terraform {
  required_version = ">= 1.1.9"
  required_providers {
    vault = "~> 3.15.2"
  }
}

variable "vault_address" {
}

variable "vault_token" {
}

provider "vault" {
  address = var.vault_address
  token   = var.vault_token
}

resource "vault_policy" "test_policy" {
  namespace = "admin"
  name      = "test-policy"
  policy    = file("${path.module}/vault-policies/test-policy.hcl")
}

Sample policy hcl test-policy.hcl

path "kv/data/database/test-database" {
  capabilities = ["read"]
}

Steps to Reproduce

  1. Under required_providers, set "~> 3.15.2" as vault version.
  2. Run terraform init to initialise workspace
  3. Run terraform apply to apply changes
  4. Upgrade vault provider version to "~> 3.16"
  5. Run terraform init -upgrade to upgrade provider version
  6. Run terraform apply to apply changes

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

iniinikoski commented 2 months ago

Hi @amitkothari. It sounds to me like you've bumped into an existing issue. Please check the issue https://github.com/hashicorp/terraform-provider-vault/issues/1903#issuecomment-2364740948 - and this is also the link to my latest finding for a possible fix. We were just able to go into the latest version (4+) after a 1,5 year blocker.

amitkothari commented 2 months ago

Thanks @iniinikoski I will give it a try.

amitkothari commented 2 months ago

@iniinikoski setting set_namespace_from_token to false fixed the issue. Thank you so much :)
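
The fix reported in the last comment, written out against the issue's main.tf as an added example (not code posted in the thread or taken from the provider project). It assumes the token was issued in the admin namespace, which would explain the doubled "admin/admin" in the error; the version pin follows step 4 of the reproduction, and sensitive = true on the token variable is an addition.

```hcl
terraform {
  required_version = ">= 1.1.9"
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "~> 3.16" # the upgraded constraint from step 4
    }
  }
}

variable "vault_address" {
  type = string
}

variable "vault_token" {
  type      = string
  sensitive = true # addition: keeps the token out of plan/apply output
}

provider "vault" {
  address = var.vault_address
  token   = var.vault_token

  # Reported in the thread as the setting that resolved the 404.
  # Assumption: with the default (true) and no provider-level namespace,
  # the provider takes the token's namespace ("admin") as the root for all
  # resources, and the resource-level namespace below is then resolved
  # relative to it, producing the "Namespace: admin/admin" in the error.
  set_namespace_from_token = false
}

resource "vault_policy" "test_policy" {
  namespace = "admin" # unchanged from the issue; now resolves to "admin"
  name      = "test-policy"
  policy    = file("${path.module}/vault-policies/test-policy.hcl")
}
```

After terraform init -upgrade, terraform plan should show no changes to vault_policy.test_policy if the namespace now resolves as it did under 3.15.2.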