Terraform Apply Fails for okta_policy_password_default Resource with Error "the API returned an error: Cannot modify the priority attribute because it is read-only"
Okta Identity Engine
SDKs & Libraries
Overview

Terraform apply fails with the following error:

 

Error: failed to update default password policy: the API returned an error: Cannot modify the priority attribute because it is read-only.

 

Applies To
  • Terraform
  • Okta Default Password Policy Resource (okta_policy_password_default)
  • Okta Identity Engine (OIE)
Cause

The okta_policy_password_default resource does not allow its priority to be changed manually. This issue typically occurs after Terraform imports the default password policy, which records the policy's current priority in the local Terraform state. If a password policy is then added or removed outside of Terraform, the priority of the default policy in Okta may change.

The next time Terraform runs with an update to the okta_policy_password_default resource, the update fails because the provider sends a priority that differs from the current value in Okta.

Solution

To recover, use one of the following:

  • Terraform -replace (preferred):
terraform apply -replace=okta_policy_password_default.{resource_name}

 

  • Manually modify the Terraform state file:
    • Retrieve the current priority for okta_policy_password_default using the Okta Management API or from the Admin Console.
    • Edit the Terraform state file and search for okta_policy_password_default.
    • Modify the priority in the state file to match the value returned by the Okta Management API, and then run the Terraform job again.
...
    { 
      "mode": "managed",
      "type": "okta_policy_password_default",
      "name": "this",
      "provider": "provider[\"registry.terraform.io/okta/okta\"]",
      "instances": [
        {       
          "schema_version": 0,
          "attributes": {
            ...
            "password_show_lockout_failures": false,
            "priority": 12,  <-- {{Change to Match Current Value}}
            "question_min_length": 4,
            ...
            "status": "ACTIVE"
          },  
          "sensitive_attributes": [],
          "private": "bnVsbA=="
        }
      ]         
    } 
...
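
The manual state edit above can be scripted so that only the default policy's priority is touched. The following is an added example, not code from Okta or the Terraform provider; the function name sync_default_priority, the sample state, and the priority value 15 are constructed for illustration, and the top-level serial field is assumed to follow Terraform state format version 4.

```python
import copy
import json

RESOURCE_TYPE = "okta_policy_password_default"

# Constructed sample (Terraform state format v4); not taken from a real org.
SAMPLE_STATE = json.loads("""
{"version": 4, "serial": 7, "lineage": "00000000-0000-0000-0000-000000000000",
 "resources": [
  {"mode": "managed", "type": "okta_policy_password_default", "name": "this",
   "instances": [{"schema_version": 0,
                  "attributes": {"priority": 12, "status": "ACTIVE"}}]},
  {"mode": "managed", "type": "okta_policy_password", "name": "contractors",
   "instances": [{"schema_version": 0,
                  "attributes": {"priority": 1, "status": "ACTIVE"}}]}]}
""")


def sync_default_priority(state, current_priority):
    """Return (new_state, changes) with the default policy's priority set to
    current_priority (the value read from Okta); the input is not modified."""
    if isinstance(current_priority, bool) or not isinstance(current_priority, int):
        raise ValueError("current_priority must be an integer")
    new_state = copy.deepcopy(state)
    found, changes = False, []
    for res in new_state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != RESOURCE_TYPE:
            continue  # leave every other resource, including other policies, alone
        found = True
        for inst in res.get("instances", []):
            old = inst["attributes"].get("priority")
            if old != current_priority:
                inst["attributes"]["priority"] = current_priority
                changes.append((f"{RESOURCE_TYPE}.{res['name']}", old, current_priority))
    if not found:
        raise LookupError(f"{RESOURCE_TYPE} is not in this state")
    if changes:
        # Terraform tracks state revisions by serial; increment it so the
        # edited copy is treated as newer than the one it was made from.
        new_state["serial"] = new_state.get("serial", 0) + 1
    return new_state, changes


if __name__ == "__main__":
    # 15 stands in for the priority retrieved from Okta in the first step.
    patched, changes = sync_default_priority(SAMPLE_STATE, 15)
    for address, old, new in changes:
        print(f"{address}: priority {old} -> {new}")
    print("serial:", SAMPLE_STATE["serial"], "->", patched["serial"])
```

Run it against a copy obtained with terraform state pull, keep the original as a backup, and load the result with terraform state push. The state file can contain secrets, so restrict access to every copy made along the way.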
