Error using vault_generic_endpoint to register a custom plugin #1975

Open
anthonyralston opened this issue Aug 14, 2023 · 5 comments

@anthonyralston

Terraform Version

v1.3.2

Affected Resource(s)

  • vault_generic_endpoint to path sys/plugins/catalog/secret/some-custom-plugin

Terraform Configuration Files

locals {
  plugin_config = {
    name    = "some-custom-plugin"
    command = "some-custom-plugin-${var.config.tag}"
    sha256  = var.config.sha256
    version = var.config.version
    builtin = false
  }
}

resource "vault_generic_endpoint" "register_custom_plugin" {
  path      = "sys/plugins/catalog/secret/some-custom-plugin"
  data_json = jsonencode(local.plugin_config)

  ignore_absent_fields = true
}

Expected Behavior

Apply is successful.

Actual Behavior

--
  | │ Error: Provider produced inconsistent result after apply
  | │
  | │ When applying changes to
  | │ module.custom_plugin.vault_generic_endpoint.register_custom_plugin, provider
  | │ "provider[\"registry.terraform.io/hashicorp/vault\"]" produced an
  | │ unexpected new value: Root resource was present, but now absent.
  | │
  | │ This is a bug in the provider, which should be reported in the provider's
  | │ own issue tracker.
  | ╵

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

anthonyralston changed the title from "Error registering a custom plugin" to "Error using vault_generic_endpoint to register a custom plugin" on Aug 14, 2023

@tomhjp
Contributor

tomhjp commented Aug 14, 2023

Thanks for the report. What are the input variables please? The API accepts tags with or without a leading 'v', but normalises to including the leading 'v', so I wonder if that might be causing the issue here.

@anthonyralston
Author

Config looks like the below, so no leading v.

config = {
  tag     = "8588d498fb0e241dccf92b59dc5732b116906de2"
  sha256  = "f5801170e8a3575268e32bfdce9c7a1c323ffc610793da8ead14680fd0596e68"
  version = "0.1.2"
}

@anthonyralston
Author

If it is helpful, this happens when using v3.19.0 of the Vault Terraform provider.

@fairclothjm
Contributor

@anthonyralston Hello! Can you confirm that the plugin failed to register? When I use the config you provided I am able to register the plugin successfully despite receiving the error from the provider. You can check with:

vault plugin list --detailed secret | grep "some-custom-plugin"

I think the error is occurring because the GET plugin endpoint requires the version if the plugin was registered with a version. In that case you may want to set disable_read and disable_delete in vault_generic_endpoint:

  disable_read   = true
  disable_delete = true
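
Added example, not part of the original thread or the provider's code: with disable_read set, Terraform no longer reads the catalog entry back, so a check like this can confirm out of band that the registered entry still matches the pinned values, allowing for the leading 'v' the API adds to versions. It assumes the catalog entry has already been fetched as JSON and that its field names mirror the registration payload; the function names and the sample entry are constructed for illustration.

```python
import json

# Registration payload values taken from the issue above.
EXPECTED = {
    "name": "some-custom-plugin",
    "command": "some-custom-plugin-8588d498fb0e241dccf92b59dc5732b116906de2",
    "sha256": "f5801170e8a3575268e32bfdce9c7a1c323ffc610793da8ead14680fd0596e68",
    "version": "0.1.2",
}

# Constructed sample of a catalog entry read back from Vault. Field names are
# an assumption; the version carries the leading 'v' described in the thread.
SAMPLE_ENTRY = json.dumps(dict(EXPECTED, version="v0.1.2", builtin=False))


def normalise_version(version):
    """Return the version with a leading 'v' so both spellings compare equal."""
    version = version.strip()
    return version if version.startswith("v") else "v" + version


def catalog_drift(expected, entry_json):
    """Return a list of mismatches between pinned and registered values."""
    doc = json.loads(entry_json)
    # Accept either the bare entry or one wrapped in a top-level "data" key.
    entry = doc.get("data", doc)
    problems = []
    for field in ("name", "command"):
        if entry.get(field) != expected[field]:
            problems.append(f"{field}: expected {expected[field]!r}, got {entry.get(field)!r}")
    # Hex digests are compared case-insensitively.
    if str(entry.get("sha256", "")).lower() != expected["sha256"].lower():
        problems.append("sha256: registered digest differs from the pinned digest")
    got_version = normalise_version(str(entry.get("version", "")))
    if got_version != normalise_version(expected["version"]):
        problems.append(f"version: expected {expected['version']!r}, got {got_version!r}")
    if entry.get("builtin"):
        problems.append("builtin: entry is flagged builtin, not an external plugin")
    return problems


if __name__ == "__main__":
    drift = catalog_drift(EXPECTED, SAMPLE_ENTRY)
    print("\n".join(drift) if drift else "catalog entry matches pinned values")
```

An empty list means the registered name, command, digest and version all match what Terraform was asked to register.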

@fairclothjm
Contributor

@anthonyralston Hello! Is there any recent update on this issue? Are you still experiencing this issue?
