search

vancluever / terraform-provider-acme-old

ACME (Let's Encrypt) Support for Terraform
Other
206 stars 26 forks source link

Migration from dns_challenge config to environment variables config stuck in state #64

Closed berney closed 6 years ago

berney commented 6 years ago

Previously I had a config like this: -

resource "acme_certificate" "docs-pub" {
   dns_challenge {
     provider = "azure"
    config {
      AZURE_SUBSCRIPTION_ID = "${var.arm_subscription_id}"
      AZURE_CLIENT_ID       = "${var.arm_client_id}"
      AZURE_CLIENT_SECRET   = "${var.arm_client_secret}"
      AZURE_TENANT_ID       = "${var.arm_tenant_id}"
      AZURE_RESOURCE_GROUP  = "${var.dns_zone_rg_name}"
    }
}

And I removed the AZURE_* properties so that credentials must be passed in the environment variables: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP.

After do terraform plan and terraform apply the execution plan always wants to remove the old AZURE_* properties but they are stuck, after an apply they are still in the state and a subsequent apply will have the same execution plan.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ module.docs-elttam.acme_certificate.docs-pub
      dns_challenge.2546575925.provider:                     "" => "azure"
      dns_challenge.3392271354.config.%:                     "5" => "0"
      dns_challenge.3392271354.config.AZURE_CLIENT_ID:       "<REDACTED>" => ""
      dns_challenge.3392271354.config.AZURE_CLIENT_SECRET:   "<REDACTED>" => ""
      dns_challenge.3392271354.config.AZURE_RESOURCE_GROUP:  "<REDACTED>" => ""
      dns_challenge.3392271354.config.AZURE_SUBSCRIPTION_ID: "<REDACTED>" => ""
      dns_challenge.3392271354.config.AZURE_TENANT_ID:       "<REDACTED>" => ""
      dns_challenge.3392271354.provider:                     "azure" => ""

I'd like the old configuration properties to be removed by the apply and a subsequent apply to say no changes required. I'm not sure how to manually clear the issue, if I manually remove the state I'm not sure if it's possible to import the certificate and keys etc.

Terraform / ACME version

Terraform v0.11.7
+ provider.acme v1.0.0
+ provider.azurerm v1.8.0bc
+ provider.local v1.1.0
+ provider.null v1.0.0
+ provider.random v1.3.1
+ provider.tls v1.1.0
vancluever commented 6 years ago

Closing this one out in favor of new issue