[Bug]: ssh role resources have inconsistent time values format between state and config #2344

Open
kuzzikan opened this issue Oct 22, 2024 · 0 comments

Terraform Core Version

1.9.5

Terraform Vault Provider Version

4.2.0

Vault Server Version

1.7.5

Affected Resource(s)

vault_ssh_secret_backend_role

Expected Behavior

When there are no changes in the configuration concerning values for 'ttl' and 'max_ttl', Terraform plan/apply should not mark the exact configuration as 'to be changed'.

Actual Behavior

It seems that although the provider requires human readable format to be passed, in the state it is stored in seconds, triggering a change for the plan/apply. With other resources where we control 'ttl' and 'max_ttl' this behaviour is not present.

Relevant Error/Panic Output Snippet

# module.order.module.ssh["81d98dfa-aa76-42d6-8ee0-0fc3ab9e0548_ssh-poc"].vault_ssh_secret_backend_role.client_signer will be updated in-place
  ~ resource "vault_ssh_secret_backend_role" "client_signer" {
      + default_user             = (known after apply)
        id                       = "ssh/roles/ssh-poc-client_signer"
      ~ max_ttl                  = "3600" -> "60m"
        name                     = "ssh-poc-client_signer"
      ~ ttl                      = "1800" -> "30m"
        # (18 unchanged attributes hidden)
    }

Terraform Configuration Files

Resource definition in the module

resource "vault_ssh_secret_backend_role" "client_signer" {
  # (other arguments not shown in the report)
  ttl     = local.client_signer_json.ttl
  max_ttl = local.client_signer_json.max_ttl
}

Locals configuration in the repository

locals {
  metadata = { for metadata in yamldecode(file("orders/metadata.yaml"))["metadata"] : metadata.uuid => metadata }
  ssh      = yamldecode(file("orders/ssh.yaml"))
}

orders/ssh.yaml for values

ssh:
- uuid: "a298b60f-ee55-432h-b074-02a6dg4d9116"
  name: "dev"
  client_allowed_extensions: "permit-pty,permit-port-forwarding"
  client_ttl: "30m"
  client_max_ttl: "60m"

Steps to Reproduce

  • enable ssh secrets engine
  • create a resource 'vault_ssh_secret_backend_role' with 'ttl' and/or 'max_ttl' values defined
  • run terraform apply, and the update prompt including the inconsistency on time format will be visible

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@kuzzikan kuzzikan added the bug label Oct 22, 2024
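
The plan output in this report shows `"3600" -> "60m"` and `"1800" -> "30m"`, which are the same lifetimes written in two notations. The Go program below is an added example, not code from the provider or from the issue author: it normalises both notations to seconds so a reviewer can tell a format-only diff from a real change in SSH certificate lifetime. The names `ttlSeconds` and `ttlEquivalent` are hypothetical, and it assumes configured values are Go-style duration strings like the ones on this page.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// ttlSeconds converts a TTL written either as bare seconds ("3600", as seen in
// state) or as a Go-style duration ("60m", as seen in config) into whole
// seconds. Fractions of a second are truncated; negative values are rejected.
func ttlSeconds(v string) (int64, error) {
	v = strings.TrimSpace(v)
	if n, err := strconv.ParseInt(v, 10, 64); err == nil {
		if n < 0 {
			return 0, fmt.Errorf("negative TTL %q", v)
		}
		return n, nil
	}
	d, err := time.ParseDuration(v)
	if err != nil {
		return 0, fmt.Errorf("unrecognised TTL %q: %w", v, err)
	}
	if d < 0 {
		return 0, fmt.Errorf("negative TTL %q", v)
	}
	return int64(d / time.Second), nil
}

// ttlEquivalent reports whether the state value and the config value describe
// the same lifetime. Unparseable input is never treated as equivalent, so a
// malformed TTL still shows up as a change that needs review.
func ttlEquivalent(state, config string) bool {
	a, errA := ttlSeconds(state)
	b, errB := ttlSeconds(config)
	return errA == nil && errB == nil && a == b
}

func main() {
	// The first two pairs are the values from the plan output above; the last two are constructed.
	pairs := [][2]string{{"3600", "60m"}, {"1800", "30m"}, {"3600", "90m"}, {"1800", "thirty"}}
	for _, p := range pairs {
		fmt.Printf("%-5s -> %-7s equivalent=%v\n", p[0], p[1], ttlEquivalent(p[0], p[1]))
	}
}
```
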