jwt_auth_backend: fix oidc_client_secret storage #803
Merged
Community Note
Closes #449
The oidc_client_secret is sensitive so it will not be in the response from Vault.
Our options are to a) always assume it must be updated (current) or b) always assume it matches what we last set it to (this change). This assumes it always matches what we last set it to so that HasChange isn't always true.
This does intentionally miss the edge case where the oidc_client_secret is updated without using Terraform. Since we cannot know the current state of oidc_client_secret, Terraform will show no changes are required even if the actual value in Vault does not match the current value in state.
Release note for CHANGELOG:
Output from acceptance testing:
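The trade-off between options (a) and (b) in the description above, as an added example that is neither part of this pull request nor the provider's code. It is a simplified model that does not use the Terraform SDK; the `vault` type and the `refresh`, `hasChange` and `scenario` functions are hypothetical, and the secret values are constructed.

```go
package main

import "fmt"

// vault is a constructed stand-in for the backend config stored in Vault.
type vault struct{ clientID, clientSecret string }

// read mimics the behaviour the description relies on: the sensitive
// oidc_client_secret is never included in the response.
func (v vault) read() map[string]string {
	return map[string]string{"oidc_client_id": v.clientID}
}

// refresh rebuilds state from a read. keepPrior=false models option (a):
// the secret is absent from state, so it always looks changed.
// keepPrior=true models option (b): carry over the value last written.
func refresh(prior, resp map[string]string, keepPrior bool) map[string]string {
	next := map[string]string{}
	for k, v := range resp {
		next[k] = v
	}
	if keepPrior {
		next["oidc_client_secret"] = prior["oidc_client_secret"]
	}
	return next
}

// hasChange is a simplified plan check: state value versus configured value.
func hasChange(state, config map[string]string, key string) bool {
	return state[key] != config[key]
}

// scenario returns: the diff under (a), the diff under (b), and whether
// (b) reports a diff after the secret is changed outside Terraform.
func scenario() (optA, optB, optBAfterDrift bool) {
	config := map[string]string{"oidc_client_id": "app", "oidc_client_secret": "s3cret-constructed"}
	v := vault{"app", "s3cret-constructed"}
	optA = hasChange(refresh(config, v.read(), false), config, "oidc_client_secret")
	optB = hasChange(refresh(config, v.read(), true), config, "oidc_client_secret")
	v.clientSecret = "changed-out-of-band" // constructed drift, not visible on read
	optBAfterDrift = hasChange(refresh(config, v.read(), true), config, "oidc_client_secret")
	return
}

func main() {
	a, b, drift := scenario()
	fmt.Printf("option a diff=%v, option b diff=%v, option b after drift diff=%v\n", a, b, drift)
}
```

Under option (b) the third result stays false: a secret changed directly in Vault is not reported as drift until the configured value itself changes.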