bug: Why does vault_kv_secret_v2 need metadata access? First apply fails, second works #31582

@Nivedita-coder

Hi folks,
I'm using Terraform with Vault KV v2 to manage secrets. When I try to update a secret for the first time, I get the following error:

vault_kv_secret_v2.user: Modifying... [id=xxxx/data/]
╷
│ Error: error writing custom metadata to xxxx/metadata/xxxx, err=Error making API request.
│ 
│ URL: PUT v1/xxxx/metadata/xxxx
│ Code: 403. Errors:
│ 
│ * 1 error occurred:
│       * permission denied
│ 
│ 
│   with vault_kv_secret_v2.user,
│   on main.tf line 49, in resource "vault_kv_secret_v2" "user":
│   49: resource "vault_kv_secret_v2" "user" {

Interestingly, if I try the same operation a second time, it succeeds. Why does vault_kv_secret_v2 require access to the metadata/... path even if I’m only updating a secret under data/...?
