data source refresh causes unwanted/unneeded recreation of resource #36238

Open
AurimasNav opened this issue Dec 19, 2024 · 1 comment
Labels: bug; new (new issue not yet triaged); waiting for reproduction (unable to reproduce issue without further information); waiting-response (An issue/pull request is waiting for a response from the community)

AurimasNav commented Dec 19, 2024

This is a continuation of #29716, since the original issue is closed and won't allow replies.
It was closed because of no reproducible example, so I am providing one here.

Steps to Reproduce

1. have a key vault resource

   ```hcl
   resource "azurerm_key_vault" "example" {
     name                        = "examplekeyvault"
     location                    = azurerm_resource_group.example.location
     resource_group_name         = azurerm_resource_group.example.name
     enabled_for_disk_encryption = true
     tenant_id                   = data.azurerm_client_config.current.tenant_id
     soft_delete_retention_days  = 7
     purge_protection_enabled    = false

     sku_name = "standard"

     access_policy {
       tenant_id = data.azurerm_client_config.current.tenant_id
       object_id = data.azurerm_client_config.current.object_id

       key_permissions = [
         "Get",
       ]

       secret_permissions = [
         "Get",
       ]

       storage_permissions = [
         "Get",
       ]
     }
   }
   ```

2. key vault secret data source

   ```hcl
   data "azurerm_key_vault_secret" "example" {
     name         = "secret-sauce"
     key_vault_id = data.azurerm_key_vault.example.id
   }
   ```

3. have some resource referencing key vault secret value from data source
4. apply configuration
5. change some property for key vault (I've tested with disabling/enabling public access for key vault)
6. run plan and observe that the secret datasources must be read during apply and resources depending on them are going to be reconfigured or re-created.

Maybe that is working as intended, but it seems strange that secrets have to be read during apply because of changing such irrelevant properties on the key vault.

AurimasNav added the bug and new (new issue not yet triaged) labels Dec 19, 2024

jbardin (Member) commented Dec 19, 2024

Hi @AurimasNav,

In order to know what is going on here we would need a complete example, and the output of the plan. The plan output should explain why the resource is being replaced, but the configuration would confirm it.

By "data source refresh" I'm guessing you mean that the data source cannot be read because it depends on values not known until apply. A data source cannot be read if its configuration is unknown or it depends on other pending changes, so it's unlikely a bug in Terraform, and will require some change to your configuration.

jbardin added the waiting-response (An issue/pull request is waiting for a response from the community) and waiting for reproduction (unable to reproduce issue without further information) labels Dec 19, 2024
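Added example, not part of the original thread or of Terraform's own code: one way to pull the "why" out of a plan, as the comment above asks, is to read the machine-readable plan (`terraform show -json <planfile>`) and list data sources deferred to apply and resources being replaced, with the recorded `action_reason`. The sample plan and the `example_consumer` resource type are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Addresses are illustrative; `example_consumer` is a hypothetical resource type.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "azurerm_key_vault.example", "mode": "managed",
     "change": {"actions": ["update"]}},
    {"address": "data.azurerm_key_vault_secret.example", "mode": "data",
     "action_reason": "read_because_dependency_pending",
     "change": {"actions": ["read"]}},
    {"address": "example_consumer.app", "mode": "managed",
     "action_reason": "replace_because_cannot_update",
     "change": {"actions": ["delete", "create"],
                "replace_paths": [["secret_value"]]}}
  ]
}
""")


def explain_plan(plan):
    """Return (deferred_reads, replacements) found in a JSON plan.

    deferred_reads: [(address, reason)] for data sources read during apply.
    replacements:   [(address, reason, [attribute paths forcing replacement])].
    """
    deferred, replaced = [], []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # action_reason is optional in the plan JSON; default when absent.
        reason = rc.get("action_reason", "unspecified")
        if rc.get("mode") == "data" and "read" in actions:
            deferred.append((rc["address"], reason))
        elif "delete" in actions and "create" in actions:
            paths = [".".join(str(step) for step in path)
                     for path in change.get("replace_paths", [])]
            replaced.append((rc["address"], reason, paths))
    return deferred, replaced


if __name__ == "__main__":
    deferred, replaced = explain_plan(SAMPLE_PLAN)
    for address, reason in deferred:
        print(f"deferred read: {address} ({reason})")
    for address, reason, paths in replaced:
        print(f"replace: {address} ({reason}) forced by {paths}")
```

The JSON plan carries sensitive values, including key vault secrets, in plain text, so handle the file like the secret itself and share only the addresses, actions and reasons.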