Kubernetes provider does not detect if cluster is recreated at runtime

[TonyLunt]

It appears that the Kubernetes provider does not update if the connection info changes at runtime.

As an example, if an AKS cluster is built with the azurerm provider, and a change is made that requires the cluster to be rebuilt, any downstream Kubernetes resources are not recreated.

Terraform Version

0.11.14

Affected Resource(s)

• all Kubernetes provider resources

Terraform Configuration Files

resource "azurerm_kubernetes_cluster" "test" {
  name                = "foo-aks"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  dns_prefix          = "fooaks"

  agent_pool_profile {
    name            = "default"
    count           = 1
    vm_size         = "Standard_DS4_v2"
    os_type         = "Linux"
    os_disk_size_gb = 30
  }

  service_principal {
    client_id     = "${azuread_application.test.application_id}"
    client_secret = "${azuread_service_principal_password.test.value}"
  }
}

provider "kubernetes" {
  host                   = "${azurerm_kubernetes_cluster.test.kube_config.0.host}"
  client_certificate     = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.cluster_ca_certificate)}"
}

resource "kubernetes_namespace" "test" {
  metadata {
    name = "test"
  }
}

##PLUMBING STUFF
resource "azurerm_resource_group" "test" {
  name     = "foo-rg"
  location = "East US"
}

resource "azuread_application" "test" {
  name                       = "foo-app"
}

resource "azuread_service_principal" "test" {
  application_id = "${azuread_application.test.application_id}"
}

resource "azuread_service_principal_password" "test" {
  service_principal_id = "${azuread_service_principal.test.id}"
  value                = "${random_string.test.result}"
  end_date             = "2029-01-03T01:02:00Z"
}

resource "random_string" "test" {
  length  = 32
  special = false
}

Debug Output

https://gist.github.com/TonyLunt/f8b8e3288048a7681e3f1081ade785df

Expected Behavior

If the azurerm_kubernetes_cluster.test resource is tainted, or a change is made that requires the cluster to be rebuilt, the downstream Kubernetes resources should also be slated for recreation when a plan is generated.

Actual Behavior

The Kubernetes resources do not get recreated.

Steps to Reproduce

1. terraform taint azurerm_kubernetes_cluster.test
2. terraform plan

[paultyng]

This seems like the upstream progressive apply issue: hashicorp/terraform#4149

You cannot currently (reliably) chain together a provider's config with the output of a resource.