iwarapter / terraform-provider-pingfederate

Ping Federate Terraform Provider
https://registry.terraform.io/providers/iwarapter/pingfederate/latest/docs
MIT License

Cannot update oauth client secret #275

Closed ashhammond closed 1 year ago

ashhammond commented 1 year ago

Community Note

Terraform Version

Provider 0.1.1
Terraform 1.3.9
PingFederate 11.2.3.0

Affected Resource(s)

Terraform Configuration Files

resource "pingfederate_oauth_client" "client_credentials_client" {

  client_id                        = "sample_client_credentials_client"
  name                             = "sample_client_credentials_client"
  grant_types                      = ["CLIENT_CREDENTIALS"]
  default_access_token_manager_ref = pingfederate_oauth_access_token_manager.reference_manager.id
  client_auth = {
    secret = "super_secret"
    type   = "SECRET"
  }
  restrict_scopes   = true
  restricted_scopes = ["super_access"]
  oidc_policy = {
    grant_access_session_revocation_api = false
    logout_uris                         = ["https://logout"]
    ping_access_logout_capable          = true
  }

}

Panic Output

Terraform apply
pingfederate_oauth_access_token_manager.reference_manager: Refreshing state... [id=reference]
pingfederate_oauth_auth_server_settings.settings: Refreshing state... [id=OauthAuthServerSettings]
pingfederate_oauth_access_token_mappings.reference_atm_mappings: Refreshing state... [id=client_credentials|reference]
pingfederate_oauth_client.client_credentials_client: Refreshing state... [id=sample_client_credentials_client]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # pingfederate_oauth_client.client_credentials_client will be updated in-place
  ~ resource "pingfederate_oauth_client" "client_credentials_client" {
      ~ client_auth                                     = {
          ~ encrypted_secret = "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiRUtwckJ6Zkd5RSIsInZlcnNpb24iOiIxMS4yLjMuMCJ9..EbTuxxk1i2G5KAicGI4QcQ.GVcDJzbn2Tswy5MVN4QOs1zf3hW5_Db_wG9EKvFo1MlHpX1T2qHx14rJqgOQ0Kq4_AYpPBOkWhH7bZ8-B3GeCqHlG8Peh-VuJ_lb7Z3drTw.-Bf1QSKQ34qxYrSZvevO_w" -> (known after apply)
          ~ secret           = (sensitive value)
            # (1 unchanged attribute hidden)
        }
        id                                              = "sample_client_credentials_client"
        name                                            = "sample_client_credentials_client"
        # (31 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

pingfederate_oauth_client.client_credentials_client: Modifying... [id=sample_client_credentials_client]
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to pingfederate_oauth_client.client_credentials_client, provider "provider[\"registry.terraform.io/iwarapter/pingfederate\"]" produced an unexpected new value: .client_secret_changed_time: was
│ cty.StringVal("2023-03-21T19:37:17.000Z"), but now cty.StringVal("2023-03-21T19:37:48.000Z").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Debug Output

Expected Behavior

Secret is updated.

Actual Behavior

Secret is not updated and a panic is created.

Steps to Reproduce

1. Create an oauth client with a client secret
2. terraform apply
3. Change secret
4. terraform apply

Important Factoids

References