Unable to destroy secret_id after it is consumed #97

Closed
rduboiscortex opened this issue Apr 12, 2018 · 1 comment · Fixed by #148

@rduboiscortex

Terraform Version

Terraform v0.11.7

  • provider.vault v1.1.0

Vault Version

0.9.1

Affected Resource(s)

  • vault_approle_auth_backend_role_secret_id

Terraform Configuration Files

resource "vault_approle_auth_backend_role" "app_role" {
  backend   = "approle"
  role_name = "app_role_test"
  policies  = ["${vault_policy.policy_approle.name}"]

  secret_id_num_uses = "1"
  secret_id_ttl      = "${var.secret_ttl}"
}

resource "vault_approle_auth_backend_role_secret_id" "app_secret_id" {
  backend   = "${vault_approle_auth_backend_role.app_role.backend}"
  role_name = "${vault_approle_auth_backend_role.app_role.role_name}"
}

Expected Behavior

Terraform should not throw an error during the destroy process if the secret_id has been consumed in the vault.

Actual Behavior

Error: Error refreshing state: 1 error(s) occurred:

* module.create_vault_approle.vault_approle_auth_backend_role_secret_id.app_secret_id: 1 error(s) occurred:

* module.create_vault_approle.vault_approle_auth_backend_role_secret_id.app_secret_id: vault_approle_auth_backend_role_secret_id.app_secret_id: Error checking if AppRole auth backend role SecretID "backend=approle::role=app_role_test::accessor="abcd1234" exists: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/auth/approle/role/app_role_test/secret-id-accessor/lookup
Code: 500. Errors:

* 1 error occurred:

* failed to find accessor entry for secret_id_accessor:

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. curl --request POST --data "{ \"role_id\" : \"$ROLE_ID\", \"secret_id\" : \"$SECRET_ID\" }" http://127.0.0.1:8200/v1/auth/approle/login
  3. terraform destroy
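
The behaviour requested above, sketched as an added example (not the provider's code and not the change made in #148): an existence check that treats the "failed to find accessor entry" response as "SecretID already consumed" while still failing on any other 500. The `apiError` type, the function names and the `lookup` callback are hypothetical; only the message text and status code come from the error output in this issue.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// apiError is a hypothetical stand-in for a Vault client error:
// the HTTP status plus the strings from the response's "errors" list.
type apiError struct {
	StatusCode int
	Errors     []string
}

func (e *apiError) Error() string {
	return fmt.Sprintf("Code: %d. Errors: %s", e.StatusCode, strings.Join(e.Errors, "; "))
}

// Message text copied from the error output in this issue.
const missingAccessor = "failed to find accessor entry for secret_id_accessor"

// secretIDGone reports whether err means the accessor entry no longer exists.
// A 500 counts only when it carries that message, so other failures surface.
func secretIDGone(err error) bool {
	var ae *apiError
	if !errors.As(err, &ae) {
		return false
	}
	return ae.StatusCode == http.StatusInternalServerError &&
		strings.Contains(strings.Join(ae.Errors, "\n"), missingAccessor)
}

// secretIDExists wraps a hypothetical lookup call: (false, nil) tells the
// caller to drop the SecretID from state instead of failing the refresh.
func secretIDExists(lookup func() error) (bool, error) {
	err := lookup()
	if err == nil || secretIDGone(err) {
		return err == nil, nil
	}
	return false, err
}

func main() {
	// Constructed sample mirroring the 500 response quoted in this issue.
	consumed := &apiError{StatusCode: 500, Errors: []string{"* " + missingAccessor + ":"}}
	fmt.Println(secretIDExists(func() error { return consumed }))
}
```

Matching on the message rather than on the bare status code keeps a genuine Vault outage from being read as a consumed SecretID and silently dropped from state.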
@kmcquade

+1
