client_flag is ignored on vault_pki_secret_backend_role #1952

Closed
kwohlfahrt opened this issue Jul 25, 2023 · 0 comments · Fixed by #1953


@kwohlfahrt

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Terraform v1.5.3
on darwin_arm64
+ provider registry.terraform.io/hashicorp/vault v3.18.0

Affected Resource(s)

Please list the resources as a list, for example:

  • vault_pki_secret_backend_role

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

terraform {
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "~> 3.18.0"
    }
  }

  required_version = "~> 1.5.3"
}

provider "vault" {
  address = "<snip>"
}

resource "vault_pki_secret_backend_role" "role" {
  name               = "server"
  backend            = "vpn"
  allowed_domains    = ["<snip>"]
  allow_subdomains   = true
  allow_bare_domains = true
  server_flag        = true
  client_flag        = false
  key_type           = "ec"
  key_bits           = 384
  max_ttl            = (7 * 24 * 60 * 60)
  generate_lease     = true
}

Expected Behavior

I expect terraform to apply the change once, and then reach a stable state. I also expect to see client_flag set to false when running vault read vpn/roles/server.

Actual Behavior

vault read vpn/roles/server shows client_flag set to true, even after applying changes. Terraform also always shows the following plan, even when applying multiple times:

  # vault_pki_secret_backend_role.role will be updated in-place
  ~ resource "vault_pki_secret_backend_role" "role" {
      ~ client_flag                        = true -> false
        id                                 = "vpn/roles/server"
        name                               = "server"
        # (37 unchanged attributes hidden)
    }

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

Looking at the fix for the related issue in #1933, it seems like the following parameters are all likely to be affected:

  • consts.FieldClientFlag
  • consts.FieldCodeSigningFlag
  • consts.FieldEmailProtectionFlag

References

This is very similar to #1932.
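
The manual check in the report (`vault read vpn/roles/server`) can be scripted so that a role whose key-usage flags differ from the intended values is caught after every apply. This is an added example, not part of the original issue or the provider's code; the function name `flag_drift` is hypothetical, the sample JSON is constructed, and it assumes the role is read with `vault read -format=json vpn/roles/server`.

```python
import json
import sys

# Role flags named in the issue, plus server_flag from the reporter's config.
FLAG_FIELDS = ("server_flag", "client_flag",
               "code_signing_flag", "email_protection_flag")

# Constructed sample of `vault read -format=json vpn/roles/server` output,
# trimmed to a few fields; it mirrors the state the issue reports.
SAMPLE_VAULT_READ = """{
  "data": {
    "client_flag": true,
    "code_signing_flag": false,
    "email_protection_flag": false,
    "key_bits": 384,
    "key_type": "ec",
    "server_flag": true
  }
}"""


def flag_drift(vault_read_json, expected):
    """Return {field: (expected, actual)} for each flag that differs.

    A flag missing from Vault's response (or not a boolean) is reported
    with its raw value instead of being silently treated as false.
    """
    data = json.loads(vault_read_json).get("data") or {}
    drift = {}
    for field in FLAG_FIELDS:
        if field not in expected:
            continue  # only check flags the configuration sets explicitly
        actual = data.get(field)
        if not isinstance(actual, bool) or actual != expected[field]:
            drift[field] = (expected[field], actual)
    return drift


if __name__ == "__main__":
    # Values taken from the Terraform configuration in the report.
    wanted = {"server_flag": True, "client_flag": False}
    drift = flag_drift(SAMPLE_VAULT_READ, wanted)
    for field, (want, got) in drift.items():
        print(f"{field}: configured {want!r}, Vault reports {got!r}")
    sys.exit(1 if drift else 0)
```

A non-zero exit here means the role can still issue certificates with a usage the configuration meant to disable, which a clean `terraform apply` alone does not reveal.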
