[Bug]: max_age field not deleted from resource #2365

Open
mchorvat3ipk opened this issue Nov 19, 2024 · 0 comments

Terraform Core Version

v1.9.6

Terraform Vault Provider Version

v4.4.0

Vault Server Version

1.17.6

Affected Resource(s)

No response

Expected Behavior

The vault_jwt_auth_backend_role resource should be the same after removing the 'max_age' field.

Actual Behavior

Described in Steps to Reproduce.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

```hcl
resource "vault_jwt_auth_backend_role" "google" {
  role_name             = "google"
  user_claim            = "email" # users are mapped by unique id from google
  backend               = vault_jwt_auth_backend.google.path
  role_type             = vault_jwt_auth_backend.google.type
  bound_audiences       = [var.oauth_client_id]
  allowed_redirect_uris = ["${var.vault_addr}/ui/vault/auth/oidc/oidc/callback"]

  # access to email info
  oidc_scopes    = ["openid", "email"]
  claim_mappings = { "email" = "email" }

  # assigns vault policies (by name)
  token_policies = ["default_google"]

  # Set token TTL to 1 day (24 hours)
  token_ttl     = 86400
  token_max_ttl = 86400

  # Specifies the allowable elapsed time in seconds
  # since the last time the user was actively authenticated with the OIDC provider.
  max_age = 0
  # when setting max_age, and then removing, the whole resource needs to be deleted and then created again

  depends_on = [vault_jwt_auth_backend.google]
}
```

Steps to Reproduce

Uncomment max_age, terraform apply, comment out max_age, terraform apply.

The last apply does not remove the max_age from the resource, and the whole resource needs to be removed and created again in order to make login work again.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

@mchorvat3ipk mchorvat3ipk changed the title [Bug]: [Bug]: max_age field not deleted from resource Nov 19, 2024