Description
Describe the bug
Whenever the avi_cloudconnectoruser resource includes a vcenter_credentials or nsxt_credentials block, Terraform repeatedly detects changes on each plan or apply run. Although the configuration remains unchanged, the plan output still indicates a removal and addition of the block, prompting unnecessary in-place updates.
I have attempted to add lifecycle to ignore some other values on the resource without success.
lifecycle {
ignore_changes = [ private_key, public_key ]
}I'd assume the underlying issue may be related to #619; though what differs here is that the actual password is not obfuscated in state (which is what I would expect).
Reproduction steps
- Include a
avi_cloudconnectoruserresource in your Terraform configuration that defines avcenter_credentialsornsxt_credentialsblock. - Run terraform apply to create the resource.
- Execute terraform plan again without modifying the configuration.
- Observe that Terraform flags the credentials block for an in-place update, even though no actual modifications were made.
terraform {
required_providers {
avi = {
source = "vmware/avi"
version = "30.2.2"
}
}
}
provider "avi" {
avi_username = "USER"
avi_password = "PASSWORD"
avi_controller = "avicontroller.contoso.com"
avi_tenant = "admin"
avi_version = "30.2.2"
}
resource "avi_cloudconnectoruser" "vcenter" {
name = "vcenter"
vcenter_credentials {
username = "VCENTER_USER"
password = "VCENTER_PASSWORD"
}
}
resource "avi_cloudconnectoruser" "nsx" {
name = "nsx"
nsxt_credentials {
username = "NSX_USER"
password = "NSX_PASSWORD"
}
}
Expected behavior
Terraform should only report a difference in the credentials block if there is an actual change in that configuration. If nothing has been altered, no in-place update should be triggered.
Additional context
Environment:
- Terraform v1.8.0
- terraform-provider-avi v30.2.2
- AVI 30.2.2