hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

vault_ssh_secret_backend_role constantly reports changes to cidr_list #652

Open josemaia opened 4 years ago

josemaia commented 4 years ago

Terraform Version

➜ terraform -v
Terraform v0.12.18

Affected Resource(s)

Terraform Configuration Files

resource "vault_ssh_secret_backend_role" "ssh_client_signer_aops" {
  name                    = "admin"
  backend                 = vault_mount.ssh_client_signer.path
  key_type                = "ca"
  allow_user_certificates = true
  cidr_list               = "0.0.0.0/0"
  allowed_users           = var.ADMIN_USER
  default_user            = var.ADMIN_USER
  max_ttl                 = "2592000"
  ttl                     = "2592000"
  allow_user_key_ids      = false
  key_id_format           = "{{token_display_name}}"
  default_extensions      = map("permit-pty", "")
}

Debug Output

There's a lot of potentially secure stuff that I'd rather not share unless necessary, but the relevant parts:

2020/01/16 14:08:31 [WARN] Provider "registry.terraform.io/-/vault" produced an unexpected new value for module.ssh.vault_ssh_secret_backend_role.ssh_client_signer_aops, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .cidr_list: was cty.StringVal("0.0.0.0/0"), but now cty.StringVal("")

Expected Behavior

After the change was applied, further terraform apply wouldn't report a change.

Actual Behavior

Every apply reports the change.

Steps to Reproduce

  1. Add an object with cidr "0.0.0.0/0"
  2. terraform apply

Important Factoids

Tested against Vault 1.1.3
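
An added example, not part of the original issue or the provider's code: a small Python parser for the warning format quoted in the debug output above. It lists each attribute reported as "was ..., but now ..." and flags those where a non-empty string came back empty, as `cidr_list` does here. The function names and the second and third log records are constructed for illustration.

```python
import re

# Header line of the warning, in the form quoted in the issue's debug output.
HEADER = re.compile(
    r'\[WARN\] Provider "(?P<provider>[^"]+)" produced an unexpected new value '
    r'for (?P<address>[^\s,]+)'
)
# Indented detail line: "- .attr: was <old>, but now <new>"
DETAIL = re.compile(
    r'^\s+- \.(?P<attr>[^:]+): was (?P<was>.+?), but now (?P<now>.+?)\s*$'
)


def find_value_drift(log_text):
    """Return one dict per attribute listed under an 'unexpected new value' warning."""
    findings, current = [], None
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            current = header.groupdict()
            continue
        detail = DETAIL.match(line)
        if detail and current:
            findings.append({**current, **detail.groupdict()})
        elif not line.startswith((" ", "\t")):
            current = None  # an unindented line ends the warning's detail block
    return findings


def dropped_to_empty(findings):
    """Keep only findings where a non-empty string value came back as ""."""
    empty = 'cty.StringVal("")'
    return [f for f in findings if f["now"] == empty and f["was"] != empty]


# First record is the one quoted in the issue; the rest is constructed sample input.
SAMPLE_LOG = '''\
2020/01/16 14:08:31 [WARN] Provider "registry.terraform.io/-/vault" produced an unexpected new value for module.ssh.vault_ssh_secret_backend_role.ssh_client_signer_aops, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .cidr_list: was cty.StringVal("0.0.0.0/0"), but now cty.StringVal("")
2020/01/16 14:08:32 [DEBUG] constructed unrelated line
      - .ignored: was cty.StringVal("a"), but now cty.StringVal("")
2020/01/16 14:08:33 [WARN] Provider "registry.terraform.io/-/vault" produced an unexpected new value for vault_ssh_secret_backend_role.constructed_example, but we are tolerating it because it is using the legacy plugin SDK.
      - .max_ttl: was cty.StringVal("3600"), but now cty.StringVal("7200")
'''

if __name__ == "__main__":
    for f in dropped_to_empty(find_value_drift(SAMPLE_LOG)):
        print(f'{f["address"]}: {f["attr"]} was {f["was"]}, now empty')
```
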

rvdh commented 1 year ago

Still occurs in provider version 3.12.0 :(