Unable to destroy secret_id after it is consumed

[rduboiscortex]

Terraform Version

Terraform v0.11.7

• provider.vault v1.1.0

Vault Version

0.9.1

Affected Resource(s)

• vault_approle_auth_backend_role_secret_id

Terraform Configuration Files

resource "vault_approle_auth_backend_role" "app_role" {
  backend   = "approle"
  role_name = "app_role_test"
  policies  = ["${vault_policy.policy_approle.name}"]

  secret_id_num_uses = "1"
  secret_id_ttl      = "${var.secret_ttl}"
}

resource "vault_approle_auth_backend_role_secret_id" "app_secret_id" {
  backend   = "${vault_approle_auth_backend_role.app_role.backend}"
  role_name = "${vault_approle_auth_backend_role.app_role.role_name}"
}

Expected Behavior

Terraform should not throw an error during the destroy process if the secret_id has been consumed in the vault.

Actual Behavior

Error: Error refreshing state: 1 error(s) occurred:

* module.create_vault_approle.vault_approle_auth_backend_role_secret_id.app_secret_id: 1 error(s) occurred:

* module.create_vault_approle.vault_approle_auth_backend_role_secret_id.app_secret_id: vault_approle_auth_backend_role_secret_id.app_secret_id: Error checking if AppRole auth backend role SecretID "backend=approle::role=app_role_test::accessor="abcd1234" exists: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/auth/approle/role/app_role_test/secret-id-accessor/lookup
Code: 500. Errors:

* 1 error occurred:

* failed to find accessor entry for secret_id_accessor:

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply
2. curl --request POST --data "{ "role_id" : "$ROLE_ID", "secret_id" : "$SECRET_ID" }" http://127.0.0.1:8200/v1/auth/approle/login
3. terraform destroy

[kmcquade]

+1