No ability to set PKI secret engines CRL #363

Closed
estein9825 opened this issue Mar 21, 2019 · 0 comments · Fixed by #399

estein9825 commented Mar 21, 2019

Hi There,

Before generating a root certificate, one should set the configuration URLs for the issuing cert and the distribution endpoint: see https://www.vaultproject.io/docs/secrets/pki/index.html, step 4.

There are no options in the vault_pki_secret_backend_root_cert resource to do this. I tried using vault_generic_secret and it worked; however, pki/config/urls does not have a DELETE operation. Instead, you have to set the parameters to empty. As a result, I couldn't get Terraform to roll itself back automatically, since it kept trying to initiate a delete command.

Finally I had to simply remove that particular resource from the state file via the command: terraform state rm vault_generic_secret.pki_config to get things working again.

We need a means to initiate a set on that particular path and in the case of rollback a setting of an empty string instead.

Terraform Version

Terraform v0.11.13
Vault Provider 1.6.0
Vault v1.0.3

Affected Resource(s)

  • vault provider
  • vault_pki_secret_backend_root_cert
  • vault_generic_secret

Terraform Configuration Files

resource "vault_generic_secret" "pki_config" {
  path         = "pki/config/urls"
  disable_read = true

  data_json = <<EOT
  {
    "issuing_certificates" : "https://172.0.0.1:8200/v1/pki/ca",
    "crl_distribution_points" : "https://172.0.0.1:8200/v1/pki/crl"
  }
EOT
}

Expected Behavior

Correctly update/delete the resource and parameters in Vault

Actual Behavior

* vault_generic_secret.pki_config: error deleting "pki/config/urls" from Vault: "Error making API request.\n\nURL: DELETE https://172.40.1.96:8200/v1/pki/config/urls\nCode: 405. Errors:\n\n* 1 error occurred:\n\t* unsupported operation\n\n"

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. enable pki engine in Vault
  2. terraform apply to get resource created.
  3. Add count = 0 to resource
  4. terraform apply resource will attempt to be deleted.
@estein9825 estein9825 changed the title No ability to set secret engines CRL No ability to set PKI secret engines CRL Mar 21, 2019
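
The failure and the rollback described in this issue, as an added Go example that is not code from the issue or from the provider: a constructed in-process stand-in for `pki/config/urls` answers DELETE with 405, while a write of empty values succeeds and clears the settings. `fakeVault`, `call` and `clearURLs` are hypothetical names, and the stand-in skips Vault's token authentication.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fakeVault is a constructed stand-in for pki/config/urls, not a real Vault.
func fakeVault() *httptest.Server {
	state := map[string]string{}
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodPost, http.MethodPut:
			json.NewDecoder(r.Body).Decode(&state) // overwrite the posted keys
			w.WriteHeader(http.StatusNoContent)
		case http.MethodGet:
			json.NewEncoder(w).Encode(state)
		default: // DELETE lands here, matching the 405 in the issue
			http.Error(w, "unsupported operation", http.StatusMethodNotAllowed)
		}
	}))
}
// call sends one request to the path; it returns the status and any JSON body.
func call(method, base string, urls map[string]string) (int, map[string]string) {
	body, _ := json.Marshal(urls)
	req, _ := http.NewRequest(method, base+"/v1/pki/config/urls", bytes.NewReader(body))
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, nil
	}
	defer resp.Body.Close()
	got := map[string]string{}
	json.NewDecoder(resp.Body).Decode(&got) // non-JSON bodies leave got empty
	return resp.StatusCode, got
}
// clearURLs is the rollback path: write empty strings instead of DELETE.
func clearURLs(base string) (int, map[string]string) {
	return call(http.MethodPost, base, map[string]string{
		"issuing_certificates": "", "crl_distribution_points": ""})
}
func main() {
	srv := fakeVault()
	defer srv.Close()
	fmt.Println(call(http.MethodDelete, srv.URL, nil)) // status of a destroy-style DELETE
	fmt.Println(clearURLs(srv.URL))                    // status of the empty-value write
}
```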