[Bug]: Unable to upgrade vault provider #2331

Open
amitkothari opened this issue Sep 20, 2024 · 3 comments

amitkothari commented Sep 20, 2024

We are currently using an older version of the Vault provider and are trying to upgrade to a more recent version. Following the upgrade guide, we plan to upgrade to version 3.25.0 first and then to 4.x.x. However, we encounter an error with the vault_policy resource for any version after 3.15.2.

Terraform Core Version

1.1.9

Terraform Vault Provider Version

3.16.0

Vault Server Version

1.15.8

Affected Resource(s)

  • vault_policy

Expected Behavior

There are no changes to the resource configuration, so the upgrade should proceed without requiring any infrastructure modifications or causing errors.

Actual Behavior

Getting the following error:

│ Error: error writing to Vault: Error making API request.
│
│ Namespace: admin/admin
│ URL: PUT https://<cluster-url>:8200/v1/sys/policies/acl/test-policy
│ Code: 404. Errors:
│
│ * no handler for route "admin/sys/policies/acl/test-policy". route entry not found.

Here <cluster-url> is our Vault cluster URL in HashiCorp Cloud.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

main.tf

terraform {
  required_version = ">= 1.1.9"
  required_providers {
    vault = "~> 3.15.2"
  }
}

variable "vault_address" {
}

variable "vault_token" {
}

provider "vault" {
  address = var.vault_address
  token   = var.vault_token
}

resource "vault_policy" "test_policy" {
  namespace = "admin"
  name      = "test-policy"
  policy    = file("${path.module}/vault-policies/test-policy.hcl")
}

Sample policy HCL: test-policy.hcl

path "kv/data/database/test-database" {
  capabilities = ["read"]
}

Steps to Reproduce

  1. Under required_providers, set "~> 3.15.2" as vault version.
  2. Run terraform init to initialise workspace
  3. Run terraform apply to apply changes
  4. Upgrade vault provider version to "~> 3.16"
  5. Run terraform init -upgrade to upgrade provider version
  6. Run terraform apply to apply changes

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@iniinikoski

Hi @amitkothari. It sounds to me like you've bumped into an existing issue. Please check the issue #1903 (comment) - and this is also the link to my latest finding for a possible fix. We were just able to go into the latest version (4+) after a 1,5 year blocker.

@amitkothari
Author

Thanks @iniinikoski I will give it a try.

@amitkothari
Author

@iniinikoski setting set_namespace_from_token to false fixed the issue. Thank you so much :)
