[ibm_sm_arbitrary_secret] Allow updating of existing certificate

[alex-reiff]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We have a use case where we update the payload of an existing secret. Here's how we do it with the REST API provider:

resource "restapi_object" "update_secret_payload" {
  path           = "${local.secrets_manager_endpoint}/api/v1/secrets/arbitrary/${var.secret_id}?action=rotate"
  data           = "{\"payload\": \"${local.api_key}\"}"
  create_method  = "POST"
  create_path    = "${local.secrets_manager_endpoint}/api/v1/secrets/arbitrary/${var.secret_id}?action=rotate"
  update_method  = "POST"
  update_path    = "${local.secrets_manager_endpoint}/api/v1/secrets/arbitrary/${var.secret_id}?action=rotate"
  destroy_method = "GET"
  destroy_path   = "${local.secrets_manager_endpoint}/api/v1/secrets/arbitrary/${var.secret_id}"
  force_new      = [var.region, var.secrets_manager_guid]
  read_path      = "${local.secrets_manager_endpoint}/api/v1/secrets/arbitrary/${var.secret_id}"
  object_id      = var.secret_id
  id_attribute   = "resources/0/id"
}

This intentionally does nothing during terraform destroy to keep the secret intact.

We have not found a way to recreate this behavior using the IBM provider.

New or Affected Resource(s)

• ibm_sm_arbitrary_secret

Potential Terraform Configuration

Terraform v1.4.4
IBM provider v1.51.0

References

• #0000

[idohubara]

We are working on this capability and it is planned to be a part of the next release

[IdanAdar]

PR is merged.