
Comments (5)

wellsiau-aws commented on June 28, 2024

interesting note, the debug log here indicates that this is a createOnlyProperties: #1804 (comment)

but the provider only marked it as writeOnlyProperties: https://github.com/hashicorp/terraform-provider-awscc/blob/main/internal/aws/datazone/project_resource_gen.go#L229-L231

for background, this PR addresses the problem when trying to update a resource with writeOnlyProperties, however we don't account for the situation where resource attributes are both createOnlyProperties and writeOnlyProperties. cc @ewbankkit as FYI.

that said, I would argue for this particular attribute domain_identifier, there is no reason why it should be both createOnlyProperties and writeOnlyProperties. I consider this an upstream-aws issue, cc @quixoticmonk

from terraform-provider-awscc.

nsb413 commented on June 28, 2024

CloudTrail error

"errorCode": "NotUpdatableException",
    "errorMessage": "Invalid patch update: createOnlyProperties [/properties/DomainIdentifier] cannot be updated",
    "requestParameters": {
        "typeName": "AWS::DataZone::Project",
        "clientToken": "terraform-xxxxx",
        "identifier": "dzd_xxx|xxx",
        "patchDocument": "HIDDEN_DUE_TO_SECURITY_REASONS"
    },

"errorCode": "NotUpdatableException",
    "errorMessage": "Invalid patch update: createOnlyProperties [/properties/DomainIdentifier, /properties/EnvironmentBlueprintIdentifier, /properties/ProjectIdentifier] cannot be updated",
    "requestParameters": {
        "typeName": "AWS::DataZone::EnvironmentProfile",
        "clientToken": "terraform-xxx",
        "identifier": "dzd_xxx|xxx",
        "patchDocument": "HIDDEN_DUE_TO_SECURITY_REASONS"
    },


quixoticmonk commented on June 28, 2024

Thank you for opening the issue @nsb413. This is reproducible across the inputs for the datazone_project if you add a new input into the existing project like description. The patch submitted seems to have an add on DomainIdentifier which is a readonly parameter in this context.

Primary apply

resource "awscc_datazone_domain" "example" {
  name                  = "example"
  domain_execution_role = awscc_iam_role.example.arn
  description           = "Datazone domain example"


  tags = [{
    key   = "Modified By"
    value = "AWSCC"
  }]
}

resource "awscc_iam_role" "example" {
  path = "/service-role/"
  assume_role_policy_document = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Effect" : "Allow",
        "Principal" : {
          "Service" : "datazone.amazonaws.com"
        },
        "Action" : [
          "sts:AssumeRole",
          "sts:TagSession"
        ],
        "Condition" : {
          "StringEquals" : {
            "aws:SourceAccount" : "############"
          },
          "ForAllValues:StringLike" : {
            "aws:TagKeys" : "datazone*"
          }
        }
      }
    ]
  })
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonDataZoneDomainExecutionRolePolicy"]
}

resource "awscc_datazone_project" "engineering_project" {
  domain_identifier = awscc_datazone_domain.example.id
  name              = "example"
  description       = "test"
}

Update to description

resource "awscc_datazone_domain" "example" {
  name                  = "example"
  domain_execution_role = awscc_iam_role.example.arn
  description           = "Datazone domain example"


  tags = [{
    key   = "Modified By"
    value = "AWSCC"
  }]
}

resource "awscc_iam_role" "example" {
  path = "/service-role/"
  assume_role_policy_document = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Effect" : "Allow",
        "Principal" : {
          "Service" : "datazone.amazonaws.com"
        },
        "Action" : [
          "sts:AssumeRole",
          "sts:TagSession"
        ],
        "Condition" : {
          "StringEquals" : {
            "aws:SourceAccount" : "############"
          },
          "ForAllValues:StringLike" : {
            "aws:TagKeys" : "datazone*"
          }
        }
      }
    ]
  })
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonDataZoneDomainExecutionRolePolicy"]
}

resource "awscc_datazone_project" "engineering_project" {
  domain_identifier = awscc_datazone_domain.example.id
  name              = "example"
  description       = "test2"
}

2024-06-18T18:43:36.400-0400 [DEBUG] provider.terraform-provider-awscc_v1.2.0_x5:
Cloud Control API PatchDocument:
 tf_resource_type=awscc_datazone_project tf_rpc=ApplyResourceChange value=
"[{\"op\":\"replace\",\"path\":\"/Description\",\"value\":\"test2\"},
{\"op\":\"add\",\"path\":\"/DomainIdentifier\",\"value\":\"dzd_agj6le0jcahgdj\"}]"
 tf_req_id=e53f4089-087c-ad1e-97c6-1522089294ca 
cfn_type=AWS::DataZone::Project 
tf_provider_addr=registry.terraform.io/hashicorp/awscc 
@caller=github.com/hashicorp/terraform-provider-awscc/internal/generic/resource.go:583 
@module=awscc timestamp=2024-06-18T18:43:36.400-0400

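The mismatch described in this thread, as an added example that is not code from the provider: a Go pre-flight check that splits a Cloud Control patch document into operations that can be sent and operations that target a createOnlyProperties path, which is what produces the NotUpdatableException. `PatchOp`, `SplitPatch` and `touchesAny` are hypothetical names; the createOnly list is taken from the CloudTrail error message above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// PatchOp is one RFC 6902 operation as it appears in the Cloud Control PatchDocument.
type PatchOp struct {
	Op    string          `json:"op"`
	Path  string          `json:"path"`
	Value json.RawMessage `json:"value,omitempty"`
}

// SplitPatch (hypothetical helper) separates operations that are safe to send from
// those that target a createOnlyProperties entry. Schema entries use the
// "/properties/Name" form and patch paths use "/Name", so the prefix is stripped.
func SplitPatch(patchDoc string, createOnly []string) (allowed, rejected []PatchOp, err error) {
	var ops []PatchOp
	if err = json.Unmarshal([]byte(patchDoc), &ops); err != nil {
		return nil, nil, fmt.Errorf("parsing patch document: %w", err)
	}
	for _, op := range ops {
		if touchesAny(op.Path, createOnly) {
			rejected = append(rejected, op)
		} else {
			allowed = append(allowed, op)
		}
	}
	return allowed, rejected, nil
}

// touchesAny reports whether path is a create-only property or nested under one.
func touchesAny(path string, createOnly []string) bool {
	for _, p := range createOnly {
		root := strings.TrimPrefix(p, "/properties")
		if path == root || strings.HasPrefix(path, root+"/") {
			return true
		}
	}
	return false
}

func main() {
	// Patch document copied from the debug log in this thread.
	doc := `[{"op":"replace","path":"/Description","value":"test2"},{"op":"add","path":"/DomainIdentifier","value":"dzd_agj6le0jcahgdj"}]`
	ok, bad, err := SplitPatch(doc, []string{"/properties/DomainIdentifier"})
	fmt.Println(len(ok), len(bad), err)
}
```

A non-empty `rejected` slice means the update either has to drop those operations or be planned as a resource replacement.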

quixoticmonk commented on June 28, 2024

Project

aws cloudcontrol get-resource --type-name AWS::DataZone::Project --identifier "dzd_agj6le0jcahgdj|bbb31gudr8knc7"
{
    "TypeName": "AWS::DataZone::Project",
    "ResourceDescription": {
        "Identifier": "dzd_agj6le0jcahgdj|bbb31gudr8knc7",
        "Properties": "{\"CreatedBy\":\"4314c73f-1073-4c71-8ba8-fe450cd4b91e\",\"Description\":\"test\",
\"DomainId\":\"dzd_agj6le0jcahgdj\",
\"LastUpdatedAt\":\"2024-06-18T22:42:03.297315197Z\",\"GlossaryTerms\":[],\"CreatedAt\":\"2024-06-18T22:42:03.297315197Z\",\"Id\":\"bbb31gudr8knc7\",\"Name\":\"example\"}"
    }
}

Domain

aws cloudcontrol get-resource --type-name AWS::DataZone::Domain --identifier "dzd_agj6le0jcahgdj"
{
    "TypeName": "AWS::DataZone::Domain",
    "ResourceDescription": {
        "Identifier": "dzd_agj6le0jcahgdj",
        "Properties": "{\"DomainExecutionRole\":\"arn:aws:iam::############:role/service-role/ioQ3tH2agTFXxQ0Vlb5zz4MgY-2GWpdQSr3ufi\",
\"Status\":\"AVAILABLE\",\"Description\":\"Datazone domain example\",
\"LastUpdatedAt\":\"2024-06-18T22:23:32.095Z\",
\"PortalUrl\":\"https://dzd_agj6le0jcahgdj.datazone.us-east-1.on.aws\",
\"CreatedAt\":\"2024-06-18T22:23:31.967Z\",\"Id\":\"dzd_agj6le0jcahgdj\",\"Arn\":\"arn:aws:datazone:us-east-1:############:domain/dzd_agj6le0jcahgdj\",\"ManagedAccountId\":\"\",\"Tags\":[{\"Value\":\"AWSCC\",\"Key\":\"Modified By\"}],\"Name\":\"example\",\"SingleSignOn\":{\"Type\":\"DISABLED\"}}"
    }
}

quixoticmonk commented on June 28, 2024

Opened an internal ticket with the service team to review the schema and property.
