diff --git a/rfc/terraform-provider.md b/rfc/terraform-provider.md index cb1d8666833..1945cc607c9 100644 --- a/rfc/terraform-provider.md +++ b/rfc/terraform-provider.md @@ -86,7 +86,9 @@ The `constellation_cluster` resource is the main resource implemented by the pro It declares a Constellation cluster with a specific configuration. Applying it will create the cluster if not existing, upgrade the cluster when the changes can be performed in place (e.g. K8s / node image / microservice update) *or* recreate the resource when the update can't be performed in-place (e.g. changing the master secret), update it with the according configuration if already existing, -or deletes it if not present in the configuration but in the state. +or deletes it if not present in the configuration but in the state. If resource recreation is necessary (i.e. if the resources cannot be updated in-place), an +[error](https://developer.hashicorp.com/terraform/plugin/framework/migrating/attributes-blocks/force-new#framework) is thrown that indicates that content on previously created +persistent volumes (encrypted with the old mastersecret) cannot be retrieved with the post-recreation / new mastersecret. The "constellation_attestation" and "constellation_image" objects are [data sources](https://developer.hashicorp.com/terraform/language/data-sources), which are objects that should be evaluated by the Provider each time the state is refreshed (i.e. each time any Terraform command that evaluates configuration against state),