You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I have a vault_gcp_auth_backend_role resource, Terraform wants to recreate it on every subsequent run of terraform apply (or terraform plan,) even if I haven't actually changed the resource.
Since I didn't change the resource at all, Terraform should not plan any changes.
Actual Behavior
Terraform reports changes for the resource:
>terraform apply
vault_gcp_auth_backend_role.my_role: Refreshing state... (ID: auth/gcp/role/elabs_developer)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
-/+ vault_gcp_auth_backend_role.my_role (new resource required)
id: "auth/gcp/role/elabs_developer" => <computed> (forces new resource)
backend: "gcp" => "gcp"
bound_service_accounts.#: "1" => "1"
bound_service_accounts.2121747459: "[email protected]" => "[email protected]"
max_ttl: "7200" => "2h"
period: "" => <computed>
policies.#: "1" => "1"
policies.1971754988: "default" => "default"
project_id: "sfmc-qa-poc" => "sfmc-qa-poc"
role: "elabs_developer" => "elabs_developer"
ttl: "" => <computed>
type: "" => "iam" (forces new resource)
Plan: 1 to add, 0 to change, 1 to destroy.
Steps to Reproduce
terraform apply - on the first run, it creates the resource as expected
Don't make any changes in Vault or in the Terraform configuration file
terraform apply (or terraform plan) - it unexpectedly wants to recreate the resource
Important Factoids
I may have lumped two problems into one issue.
In the example, I expressed max_ttl as 2h. On the re-run, it sees the current value as 7200 (seconds) and wants to change it back to 2h even though they represent the same value.
However, if we remove max_ttl from the picture, the problem still happens, likely because of type.
The text was updated successfully, but these errors were encountered:
I have figured out the issue. The documentation [1] says that the type field is returned on a read as role_type. However the actual value is just role.
I have successfully patched the provider accordingly and afterwards, the issue is resolved. However I am not sure, how the API is supposed to be (what is the correct, expected response). I think this should be clarified before updating the provider here. I have created a ticket there [2].
Summary
If I have a
vault_gcp_auth_backend_role
resource, Terraform wants to recreate it on every subsequent run ofterraform apply
(orterraform plan
,) even if I haven't actually changed the resource.Terraform Version
Affected Resource(s)
Terraform Configuration Files
I omitted the values of the variables because they are all specific to my environment.
Debug Output
https://gist.github.com/RobinsonWM/3cea0f24335e540559e68552402e0fa2
Expected Behavior
Since I didn't change the resource at all, Terraform should not plan any changes.
Actual Behavior
Terraform reports changes for the resource:
Steps to Reproduce
terraform apply
- on the first run, it creates the resource as expectedterraform apply
(orterraform plan
) - it unexpectedly wants to recreate the resourceImportant Factoids
I may have lumped two problems into one issue.
In the example, I expressed
max_ttl
as2h
. On the re-run, it sees the current value as7200
(seconds) and wants to change it back to2h
even though they represent the same value.However, if we remove
max_ttl
from the picture, the problem still happens, likely because oftype
.The text was updated successfully, but these errors were encountered: