data.vault_generic_secret id gets updated every run with terraform 0.13 and vault 2.12.2 provider

[guitmz]

Terraform Version

0.13.0 with hashicorp/vault v2.12.2 provider

Affected Resource(s)

Please list the resources as a list, for example:

• data.vault_generic_secret

Terraform Configuration Files

data "vault_generic_secret" "my_secret" {
  path = "secret/core/myPath/${var.domain}/whatever/mySecretKey"
}

Debug Output

2020/08/13 18:23:11 [WARN] Provider "data.vault_generic_secret.my_secret" produced an unexpected new value for %!s(MISSING).registry.terraform.io/hashicorp/vault
      - .version: was null, but now cty.NumberIntVal(-1)
      - .id: was cty.StringVal("cc619aa0-XXXX-XXXX-XXXX-f56a90fc3684"), but now cty.StringVal("6c672d76-XXXX-XXXX-XXXX-d50b1c68a907")

That's the only maybe meaningful mention of the affected resource I found in debug logs.

Expected Behavior

terraform plan shouldn't try to change anything

Actual Behavior

terraform always try to change the id of mentioned resource (and it weirdly says 0 to change anyway)

Terraform will perform the following actions:

  # data.vault_generic_secret.my_secret will be read during apply
  # (config refers to values not yet known)
 <= data "vault_generic_secret" "my_secret"  {
        data             = {
            "credential" = "XYZ"
        }
        data_json        = jsonencode(
            {
                credential = "XYZ"
            }
        )
      ~ id               = "86623e3e-XXXX-XXXX-XXXX-db8226d950c9" -> "6462d847-XXXX-XXXX-XXXX-547ccfbfd5ee"
        lease_duration   = 0
        lease_renewable  = false
        lease_start_time = "RFC6669"
        path             = "secret/core/myPath/myDomain/whatever/mySecretKey"
        version          = -1
    }

Plan: 0 to add, 0 to change, 0 to destroy.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. update from terraform 0.12.10 to 0.13 (following official upgrade guide)
2. run terraform plan with new terraform version and mentioned provider version (latest at time of writing)

[j-martin]

Confirming the same behavior with terraform 0.13 and hashicorp/vault v2.11.0

[headcr4sh]

Confirming that not only data "vault_generic_secret", but also data "vault_aws_access_credentials" (and possibly others) show the described unwanted behavior.

[Aurelian-Shuttleworth]

Confirming the same behavior with terraform 0.13 and hashicorp/vault v2.6.0

[catsby]

Hello - this is fixed in #849. The data source was using a Vault request ID as the ID for state, and under Terraform 0.13.0 that request ID was getting updated with every plan. The fix will go out in the next release, unfortunately I don't know specifically when that will be, but I imagine early next week.

[yatanasov]

Hello @catsby , thank you for fixing this, do you know when can we expect the next release ? This is quite critical for us. Thank you!

[yatanasov]

Thank you for fixing this and the quick release ! : )

[catsby]

@yatanasov you're very welcome. We're trying to be more responsive to this project and I'm trying to take a more active role, but progress is slow some times. Thank you all for your patience