Force data sources to be known after apply
#29914
Comments
|
This also seems related to #8099 I can simulate this feature by doing something like: locals {
always_changing_value = timestamp()
}
data "vault_generic_secret" "vault_secret" {
for_each = { for secret_meta in var.vault_secrets : secret_meta.env_name => secret_meta }
path = trimprefix("${local.always_changing_value}${each.value.path}", local.always_changing_value)
version = each.value.secret_version >= 0 ? each.value.secret_version : null
}where an attribute inside the data source uses output from the ever-changing This is an awkward UX, and the output is less clear as the |
|
Hi @dmattia, Thanks for filing the issue. The idea proposed here unfortunately does not work in the sense that it will prevent terraform from converging on a clean plan, nor can it supply the credentials to the provider during the planing operation at all. In order to do these things, a new solution is going to be required, which we have an open issue to track the idea here #29182. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Current Terraform Version
1.10.0
Use-cases
As described in hashicorp/terraform-provider-vault#1221, I am facing an issue with looking up Vault secrets via data sources when running
planandapplymore than 15 minutes apart, where the provider authentication becomes outdated. I would like to force theapplycommand to perform the data source lookup, and to ensure that the provider credentials during theapplystep are what is used, even if a planfile is specified.Attempted Solutions
I am not sure where to start here
Proposal
Add a lifecycle parameter for data sources like
force_known_after_applyReferences
hashicorp/terraform-provider-vault#1221
The text was updated successfully, but these errors were encountered: