It seems that the credhub terraform plugin does not retrieve the value version from credhub (i.e. the value has been updated with the credhub CLI, and the plugin seems to retrieve a previous version).
data "credhub_value" "intranet_interco_ips_net_id" {
  name = "/secrets/intranet_interco_ips_net_id"
}
$ credhub get --name="/secrets/intranet_interco_ips_net_id"
id: b798d461-8907-4f84-b0c2-386cef9a5fb0
name: /secrets/intranet_interco_ips_net_id
type: value
value: 0130df67-7374-458a-b9c1-265892e7190d
version_created_at: 2018-02-26T09:44:39Z
+ terraform version
Terraform v0.11.2
+ provider.credhub v0.10.0
Your version of Terraform is out of date! The latest version
is 0.11.3. You can update by downloading from www.terraform.io/downloads.html
+ pwd
+ CURRENT_DIR=/tmp/build/6d6ccb0c
+ find secret-state-resource/master-depls/terraform-config -type f -exec cp {} generated-files/ ;
+ find terraform-tfvars -type f -exec cp {} generated-files/ ;
+ find spec-resource/master-depls/terraform-config/spec -mindepth 1 -maxdepth 1 -exec cp --verbose -r {} spec-applied/ ;
'spec-resource/master-depls/terraform-config/spec/intranet-interco-vrrp-ports.tf' -> 'spec-applied/intranet-interco-vrrp-ports.tf'
PROVIDER_CREDHUB_VERSION=0.10.0
TERRAFORM_ZIP=terraform_0.11.2_linux_amd64.zip
SPEC_PATH=master-depls/terraform-config/spec
....
21172 /.terraform/plugins/linux_amd64/terraform-provider-credhub_v0.10.0
...
288548 /.terraform/plugins/linux_amd64
288552 /.terraform/plugins
288556 /.terraform
+ terraform init -input=false -upgrade -get-plugins=false -plugin-dir=/.terraform/plugins/linux_amd64 ../spec-applied/
Initializing provider plugins...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.credhub: version = "~> 0.10"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
+ terraform plan -input=false ../spec-applied/
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.credhub_value.intranet_interco_ips_net_id: Refreshing state...
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
{
  "version": 3,
  "terraform_version": "0.11.2",
  "serial": 1,
  "lineage": "a7040192-db17-42d7-a37c-337f1393fb09",
  "modules": [
    {
      "path": [
        "root"
      ],
      "outputs": {},
      "resources": {
        ...
        "data.credhub_value.intranet_interco_ips_net_id": {
          "type": "credhub_value",
          "depends_on": [],
          "primary": {
            "id": "bc987039-2276-43df-b333-5b5e3ce1266b",
            "attributes": {
              "id": "bc987039-2276-43df-b333-5b5e3ce1266b",
              "name": "/secrets/intranet_interco_ips_net_id",
              "type": "value",
              "value": "43acffd0-a978-4ad5-a1a9-f9b70365bb72"
            },
            "meta": {},
            "tainted": false
          },
          "deposed": [],
          "provider": "provider.credhub"
        },
By the way, the value seems to be stored in the terraform tfstate. Is that required? (As credhub offers an update timestamp, I guess the plugin could check freshness without storing the credhub values.)
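
An added example, not part of the original report or the provider's code: a small audit that reads a version 3 tfstate, lists which attributes of each `credhub_*` entry hold secret material, and flags entries whose stored `id` differs from the one CredHub currently reports. It assumes that CredHub issues a new `id` for each credential version (as the differing ids in the report suggest); the function name, `CURRENT_IDS` and `METADATA_KEYS` are hypothetical, and both inputs are constructed from the values shown above.

```python
import json

# Constructed input: a tfstate v3 fragment shaped like the one in the report.
SAMPLE_STATE = json.dumps({
    "version": 3,
    "modules": [{
        "path": ["root"],
        "resources": {
            "data.credhub_value.intranet_interco_ips_net_id": {
                "type": "credhub_value",
                "primary": {"attributes": {
                    "id": "bc987039-2276-43df-b333-5b5e3ce1266b",
                    "name": "/secrets/intranet_interco_ips_net_id",
                    "type": "value",
                    "value": "43acffd0-a978-4ad5-a1a9-f9b70365bb72",
                }},
            },
        },
    }],
})
# Constructed input: credential name -> id as printed by `credhub get` above.
CURRENT_IDS = {
    "/secrets/intranet_interco_ips_net_id": "b798d461-8907-4f84-b0c2-386cef9a5fb0",
}
METADATA_KEYS = {"id", "name", "type"}  # assumption: any other attribute is secret


def audit_credhub_state(state_text, current_ids):
    """Report credhub_* entries in a v3 tfstate without echoing secret values."""
    findings = []
    for module in json.loads(state_text).get("modules", []):
        for address, resource in module.get("resources", {}).items():
            if not resource.get("type", "").startswith("credhub_"):
                continue
            attrs = resource.get("primary", {}).get("attributes", {})
            current = current_ids.get(attrs.get("name"))
            findings.append({
                "address": address,
                "name": attrs.get("name"),
                # Attribute names only, so the values never reach CI logs.
                "secret_fields": sorted(k for k in attrs if k not in METADATA_KEYS),
                # None means the credential was not looked up, not "fresh".
                "stale": None if current is None else attrs.get("id") != current,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_credhub_state(SAMPLE_STATE, CURRENT_IDS):
        print(finding)
```

Any entry with a non-empty `secret_fields` list means the state file itself has to be stored and access-controlled as a secret.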