[Bug]: ##[error]provider "registry.terraform.io/hashicorp/vault" produced an unexpected new value: Root resource was present, but now absent.[Bug]: #2161

Closed
tanglaojames opened this issue Feb 27, 2024 · 1 comment

@tanglaojames

Terraform Core Version

1.7.3

Terraform Vault Provider Version

3.25.0

Vault Server Version

1.15.3

Affected Resource(s)

No response

Expected Behavior

We are expecting to offboard the static role of LDAP static role
"Apply complete! Resources: 0 added, 0 changed, 1 destroyed."

Actual Behavior

We can offboard, but when we try to deboard the static role using the pipeline, we can't offboard it after removing it from our tfvars.json file.
"Apply complete! Resources: 0 added, 0 changed, 0 destroyed."

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

main.tf

```hcl
resource "vault_ldap_secret_backend_static_role" "role" {
  for_each        = var.Hashi_LDAPSSE_Roles
  mount           = each.value.ldap_secret_engine_path
  username        = each.value.appid
  dn              = each.value.dname
  role_name       = each.value.role_name #"${each.value.role_name}"
  rotation_period = var.token_ttl
}
```

providers.tf

```hcl
terraform {
  backend "azurerm" {}
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "3.25.0"
    }
  }
}

provider "vault" {
  # Configuration options
  address = var.vault_url
}
```

variables.tf

```hcl
variable "Hashi_LDAPSSE_Roles" {
  description = "Data From aggregated ldap static roles data, this schema should match the JSON hashi adse roles file."
  type = map(object(
    {
      appid_email: string,
      appid: string,
      role_name: string,
      environment: string,
      airid: string,
      dname: string,
      domain: string,
      ldap_secret_engine_path: string
    }
  ))
}

variable "ldap_secret_engine_path" {
  description = "(Required, Forces new resource) Path where the AD Secrets Engine is mounted"
  type        = string
  sensitive   = true
}

variable "token_ttl" {
  description = " (Optional) The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time."
  type        = string
  default     = 75*86400
}

variable "token_max_ttl" {
  description = "(Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time."
  type        = string
  default     = "8640000"
}

variable "vault_url" {
  description = "URL of vault server to use, this needs to match Azure Devops hashiVaultEnv in the pipelines.yaml file."
  type        = string
  default     = "https://xxxxxxxxxxx.com/"
}
```

Steps to Reproduce

Pipeline in YAML to aggregate data into tfvars.json file and perform terraform apply.
Run pipeline to deboard account.

Debug Output

DEBUG_Result.txt
TRACE_Result.txt

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@fairclothjm
Contributor

Closing as I believe this is resolved by fixing the token permissions and PR #2156 which should be available in the next release
