Consul Provider Unable to Read Role that exists #389

Open
reskin89 opened this issue Dec 15, 2023 · 0 comments

Terraform Version

Terraform v1.1.0

Consul Provider Version 2.19.0

Consul Server Version 1.16.3

Affected Resource(s)

Please list the resources as a list, for example:

  • consul_acl_role

Every role I have that's created in a loop.

Terraform Configuration Files

resource "consul_acl_role" "management" {
  for_each    = var.team
  name        = each.key
  description = "Management role for ${each.key}"

  policies = []

  lifecycle {
    ignore_changes = ["policies"]
  }
}

Debug Output

Please note, all operations are performed against the same CONSUL_HTTP_ADDR with the same CONSUL_HTTP_TOKEN, so it is not a permissions issue, which is where this error (403 ACL not found) seems to appear at times.

± # terraform state show consul_acl_role.management["REDACTED"]                                                                                                 
# consul_acl_role.management["REDACTED"]:
resource "consul_acl_role" "management" {
    description = "Management role"
    id          = "aabba91d-8ca1-380f-de55-a5948e45f1ea"
    name        = "REDACTED"
    policies    = []
}
2023-12-15T19:54:58.969Z [DEBUG] provider.terraform-provider-consul_v2.19.0_x4: 2023/12/15 19:54:58 [INFO] Consul Client configured with address: 'REDACTED:8501', scheme: 'https', datacenter: '', insecure_https: 'true'
2023-12-15T19:54:59.172Z [ERROR] vertex "consul_acl_role.management["REDACTED"]" error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)
2023-12-15T19:54:59.173Z [ERROR] vertex "consul_acl_role.management" error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)
2023-12-15T19:54:59.173Z [ERROR] vertex "consul_acl_role.management (expand)" error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)

│ Error: failed to read role 'aabba91d-8ca1-380f-de55-a5948e45f1ea': Unexpected response code: 403 (rpc error making call: ACL not found)
│ 
│   with consul_acl_role.management["REDACTED"],
│   on main.tf line 26, in resource "consul_acl_role" "management":
│   26: resource "consul_acl_role" "management" {
│ 
╵

but if I read that ID:

~ consul acl role read -id=aabba91d-8ca1-380f-de55-a5948e45f1ea                                                                                                                       

ID:           aabba91d-8ca1-380f-de55-a5948e45f1ea
Name:         REDACTED
Description:  Management role for REDACTED
Policies:
   8e2dd209-fc12-be0b-bf51-c4931db18bf0 - Management-Policy
   2a2a1d63-06d2-06f7-3862-ec2354e0d4e7 - Management-Policy

Expected Behavior

The role should have been read properly by the provider.

Actual Behavior

I have a role that exists in all of my Consul datacenters, that was created by Terraform.

For some reason I'm getting a 403 ACL Not Found back from Consul, which is usually a permissions issue, when it refreshes state and attempts to do a read on the role.

However, in the same shell, with the same environment variables, I can perform a consul acl role read -id=<ID From TF State> and it returns just fine with the role in question, so I'm not sure what's getting lost in translation here.

Steps to Reproduce

  1. create a consul_acl_role resource
  2. attempt to modify or run another plan on that resource