From dd3896c03d7d126d542dbf145840d52f74e84927 Mon Sep 17 00:00:00 2001
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Wed, 22 Nov 2023 09:19:59 +0100
Subject: [PATCH] rfc: warn about PVs on recreation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---
 rfc/terraform-provider.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rfc/terraform-provider.md b/rfc/terraform-provider.md
index cb1d866683..1945cc607c 100644
--- a/rfc/terraform-provider.md
+++ b/rfc/terraform-provider.md
@@ -86,7 +86,9 @@ The `constellation_cluster` resource is the main resource implemented by the pro
 It declares a Constellation cluster with a specific configuration.
 Applying it will create the cluster if not existing, upgrade the cluster when the changes can be performed in place (e.g. K8s / node image / microservice update) *or*
 recreate the resource when the update can't be performed in-place (e.g. changing the master secret), update it with the according configuration if already existing,
-or deletes it if not present in the configuration but in the state.
+or deletes it if not present in the configuration but in the state. If resource recreation is necessary (i.e. if the resources cannot be updated in-place), an
+[error](https://developer.hashicorp.com/terraform/plugin/framework/migrating/attributes-blocks/force-new#framework) is thrown that indicates that content on previously created
+persistent volumes (encrypted with the old mastersecret) cannot be retrieved with the post-recreation / new mastersecret.
 
 The "constellation_attestation" and "constellation_image" objects are [data sources](https://developer.hashicorp.com/terraform/language/data-sources),
 which are objects that should be evaluated by the Provider each time the state is refreshed (i.e. each time any Terraform command that evaluates configuration against state),