hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

claim_mappings and oidc_client_secret breaking idempotency #838

Open etiennejournet opened 4 years ago

etiennejournet commented 4 years ago

Hi,

I've got idempotency breaks in resource vault_jwt_auth_backend with "oidc_client_secret" and in resource vault_jwt_auth_backend_role with "claim_mappings".

By idempotency breaks I mean it triggers a change at every terraform run.

My code:

resource "vault_jwt_auth_backend" "vault" {
  path                    = "oidc"
  type                    = "oidc"
  oidc_discovery_url      = "https://login.microsoftonline.com/${var.ad_tenant_id}/v2.0"
  oidc_client_id          = azuread_application.vault.application_id
  oidc_client_secret      = random_password.vault.result
}

resource "vault_jwt_auth_backend_role" "vault" {
  backend               = vault_jwt_auth_backend.vault.path
  role_name             = "admin"
  token_policies        = ["admin"]

  user_claim            = "name"
  allowed_redirect_uris = ["https://vault.${terraform.workspace}.mydomain.fr/ui/vault/auth/oidc/oidc/callback", "http://127.0.0.1:8200/ui/vault/auth/oidc/oidc/callback"]
}

I went back to 2.12.0 to test this.

Thanks for your feedback,
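The following is an added example, not code from the issue author or from the provider. It assumes the perpetual diff on `oidc_client_secret` is caused by the provider being unable to read the secret back from Vault (the JWT/OIDC config read endpoint does not return the client secret, so there is nothing to compare the configured value against) and shows the usual workaround of excluding that attribute from the plan with `lifecycle { ignore_changes }`. The resource names, the `var.ad_tenant_id` variable and the `random_password.vault` resource are taken over from the configuration above; nothing here addresses the `claim_mappings` diff on the role, which should not be masked the same way because real changes to the mappings would then be silently dropped.

```hcl
# Added example (not from the issue or the provider). Assumption: Vault never
# returns oidc_client_secret on read, so the provider cannot diff it and
# proposes to rewrite it on every run; ignore_changes keeps it out of the plan
# after the first apply.
resource "vault_jwt_auth_backend" "vault" {
  path               = "oidc"
  type               = "oidc"
  oidc_discovery_url = "https://login.microsoftonline.com/${var.ad_tenant_id}/v2.0"
  oidc_client_id     = azuread_application.vault.application_id
  oidc_client_secret = random_password.vault.result

  lifecycle {
    # Security caveat: once ignored, a rotated random_password.vault is NOT
    # pushed to Vault by a normal apply. To rotate the secret, remove this
    # block for one apply (or otherwise force the update), then put it back.
    ignore_changes = [oidc_client_secret]
  }
}
```

To check that the workaround removes the spurious change, run `terraform apply` once and then `terraform plan -detailed-exitcode`: exit status 0 means an empty plan, 2 means changes are still pending (for this configuration, that would be the `claim_mappings` diff on the role if it is present, which this block does not cover), 1 means an error.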

walkafwalka commented 3 years ago

Is there a version where this does not happen? I am currently using 2.11.