[Bug]: vault_nomad_secret_backend can't be initialized without token #2269

Open
mrVanDalo opened this issue Jun 12, 2024 · 0 comments

Terraform Core Version

1.8.5

Terraform Vault Provider Version

3.23.0

Vault Server Version

1.16.1

Affected Resource(s)

  • vault_nomad_secret_backend

Expected Behavior

As described in the provider documentation, the token is optional.

Also, the Vault CLI documentation states that it's possible to set the Nomad token afterwards.

Expected is:
I configure the Nomad backend without a token and set the token via the Vault CLI afterwards.

Alternative is:
I configure the Nomad backend without a token and the Nomad ACL system will be bootstrapped by Vault, without sharing the root token (like in the consul_backend).

Actual Behavior

We get an error that the (optional) parameter token is not given.

But the secret backend is created in vault.

We have to import the newly created resource to create all dependent resources, which is annoying.

Relevant Error/Panic Output Snippet

# First run:

vault_nomad_secret_backend.config: Creating...
╷
│ Error: error writing "nomad/config/access": Error making API request.
│ 
│ URL: PUT https://vault.example.com/v1/nomad/config/access
│ Code: 400. Errors:
│ 
│ * Token not provided and failed to bootstrap ACLs
│ 
│   with vault_nomad_secret_backend.config,
│   on main.tf line 1, in resource "vault_nomad_secret_backend" "config":
│    1: resource "vault_nomad_secret_backend" "config" {
│ 
╵
ERRO[0003] terraform invocation failed


# Second run:


vault_nomad_secret_backend.config: Creating...
╷
│ Error: error mounting to "nomad": Error making API request.
│ 
│ URL: POST https://vault.example.com/v1/sys/mounts/nomad
│ Code: 400. Errors:
│ 
│ * path is already in use at nomad/
│ 
│   with vault_nomad_secret_backend.config,
│   on main.tf line 1, in resource "vault_nomad_secret_backend" "config":
│    1: resource "vault_nomad_secret_backend" "config" {
│ 
╵
ERRO[0007] terraform invocation failed

Terraform Configuration Files

resource "vault_nomad_secret_backend" "config" {
  backend                   = "nomad"
  description               = "Nomad Backend (managed by Vault)"
  max_lease_ttl_seconds     = 12 * local.hours
  default_lease_ttl_seconds = 8 * local.hours
  max_ttl                   = 12 * local.hours
  ttl                       = 8 * local.hours
}

Steps to Reproduce

terraform apply
terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

@mrVanDalo mrVanDalo added the bug label Jun 12, 2024
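
A possible way to get the "mount first, token later" flow described under Expected Behavior, as an added example that is not part of the original issue or the provider's own code: it assumes a generic `vault_mount` of type `nomad` stands in for `vault_nomad_secret_backend`, so Terraform only creates the mount and never writes `nomad/config/access`. The value of `local.hours`, the role and policy names, and the `NOMAD_ADDR` / `NOMAD_TOKEN` environment variables are assumptions.

```hcl
# Added example (assumption-based workaround, not the provider's documented fix).

locals {
  hours = 3600 # assumed: seconds per hour, standing in for the issue's local.hours
}

# Create only the mount. No request is sent to nomad/config/access, so the
# apply cannot fail half-way and leave an untracked mount behind, and the
# Nomad management token never appears in Terraform configuration or state.
resource "vault_mount" "nomad" {
  path                      = "nomad"
  type                      = "nomad"
  description               = "Nomad Backend (managed by Vault)"
  default_lease_ttl_seconds = 8 * local.hours
  max_lease_ttl_seconds     = 12 * local.hours
}

# Dependent resources reference the mount path instead of the
# vault_nomad_secret_backend resource.
resource "vault_nomad_secret_role" "example" { # hypothetical role
  backend  = vault_mount.nomad.path
  role     = "example"    # hypothetical role name
  type     = "client"
  policies = ["readonly"] # hypothetical Nomad ACL policy name
}

# After `terraform apply`, an operator sets the access and lease configuration
# with the Vault CLI, reading the token from the environment:
#
#   vault write nomad/config/access address="$NOMAD_ADDR" token="$NOMAD_TOKEN"
#   vault write nomad/config/lease ttl=28800 max_ttl=43200
#
# If the mount already exists from a failed first run of the original
# configuration, it has to be brought into state before the next apply,
# which is the import step mentioned in the issue:
#
#   terraform import vault_nomad_secret_backend.config nomad
```

Credentials cannot be issued from the mount until `nomad/config/access` has been written, so the CLI step has to run before any consumer requests a Nomad token.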