fix(resource/iam_idp_openid): allow unknown value for client_secret_wo during plan (#900)

aminueza · web-flow · commit 372e48c93732 · 2026-04-16T17:25:25.000-03:00
Same issue as #898 (fixed by #899) but for the OpenID resource. The plan-time checks treated ephemeral/unknown values as missing, breaking write-only secret rotation from Vault. Schema RequiredWith and the apply-time check in Update keep the safety net intact. Co-authored-by: aminueza <aminueza@users.noreply.github.com>
diff --git a/minio/resource_minio_iam_idp_openid.go b/minio/resource_minio_iam_idp_openid.go
@@ -38,16 +38,6 @@ func resourceMinioIAMIdpOpenId() *schema.Resource {
 				return fmt.Errorf("one of client_secret or client_secret_wo must be provided")
 			}
 
-			_, hasVersionWO := d.GetOk("client_secret_wo_version")
-			if hasSecretWO && !hasVersionWO {
-				return fmt.Errorf("client_secret_wo_version must be provided when client_secret_wo is set")
-			}
-
-			hasSecretWOVersionChange := d.HasChange("client_secret_wo_version") && hasVersionWO
-			if hasSecretWOVersionChange && !hasSecretWO {
-				return fmt.Errorf("client_secret_wo must be provided when client_secret_wo_version changes")
-			}
-
 			return nil
 		},
 		Schema: map[string]*schema.Schema{
