Comments (5)
This needs some review as Tags on namespace is an replace operation for the resource from the schema and it would fail with a resource with a custom name.
Opened an internal service ticket to review the schema around log_exports
and tags being a replace op.
from terraform-provider-awscc.
Thank you for opening the issue @hszalwinski .I can reproduce it and it does look like the ordering on the log_exports leading to a drift. Adding some additional details for further debugging.
Debug log
2024-07-30T18:04:18.156-0400 [DEBUG] provider.terraform-provider-awscc_v1.7.0_x5:
Detected value change between proposed new state and prior state:
@module=sdk.framework tf_req_id=0804e250-80f3-4008-8c50-77c82671d84e
@caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:208
tf_attribute_path=log_exports
tf_provider_addr=registry.terraform.io/hashicorp/awscc
tf_resource_type=awscc_redshiftserverless_namespace
tf_rpc=PlanResourceChange timestamp=2024-07-30T18:04:18.156-0400
PlanResourceChange_Request_PriorState
{
"admin_password_secret_kms_key_id": null,
"admin_user_password": null,
"admin_username": "admin",
"db_name": null,
"default_iam_role_arn": null,
"final_snapshot_name": null,
"final_snapshot_retention_period": null,
"iam_roles": null,
"id": "hs-testing-123",
"kms_key_id": "AWS_OWNED_KMS_KEY",
"log_exports": [
"connectionlog",
"useractivitylog",
"userlog"
],
"manage_admin_password": null,
"namespace": {
"admin_password_secret_arn": null,
"admin_password_secret_kms_key_id": null,
"admin_username": "admin",
"creation_date": "2024-07-30T22:03:41.759Z",
"db_name": null,
"default_iam_role_arn": null,
"iam_roles": null,
"kms_key_id": "AWS_OWNED_KMS_KEY",
"log_exports": [
"connectionlog",
"useractivitylog",
"userlog"
],
"namespace_arn": "arn:aws:redshift-serverless:us-east-1:############:namespace/74e6ded1-fd65-43c3-b79a-76e9a18cde38",
"namespace_id": "74e6ded1-fd65-43c3-b79a-76e9a18cde38",
"namespace_name": "hs-testing-123",
"status": "AVAILABLE"
},
"namespace_name": "hs-testing-123",
"namespace_resource_policy": null,
"redshift_idc_application_arn": null,
"snapshot_copy_configurations": null,
"tags": [
{
"key": "environment",
"value": "test"
},
{
"key": "project",
"value": "hs-test"
},
{
"key": "terraform",
"value": "true"
},
{
"key": "workspace",
"value": "default"
}
]
}
PlanResourceChange_Request_ProposedNewState
{
"admin_password_secret_kms_key_id": null,
"admin_user_password": null,
"admin_username": "admin",
"db_name": null,
"default_iam_role_arn": null,
"final_snapshot_name": null,
"final_snapshot_retention_period": null,
"iam_roles": null,
"id": "hs-testing-123",
"kms_key_id": "AWS_OWNED_KMS_KEY",
"log_exports": [
"userlog",
"connectionlog",
"useractivitylog"
],
"manage_admin_password": null,
"namespace": {
"admin_password_secret_arn": null,
"admin_password_secret_kms_key_id": null,
"admin_username": "admin",
"creation_date": "2024-07-30T22:03:41.759Z",
"db_name": null,
"default_iam_role_arn": null,
"iam_roles": null,
"kms_key_id": "AWS_OWNED_KMS_KEY",
"log_exports": [
"connectionlog",
"useractivitylog",
"userlog"
],
"namespace_arn": "arn:aws:redshift-serverless:us-east-1:############:namespace/74e6ded1-fd65-43c3-b79a-76e9a18cde38",
"namespace_id": "74e6ded1-fd65-43c3-b79a-76e9a18cde38",
"namespace_name": "hs-testing-123",
"status": "AVAILABLE"
},
"namespace_name": "hs-testing-123",
"namespace_resource_policy": null,
"redshift_idc_application_arn": null,
"snapshot_copy_configurations": null,
"tags": [
{
"key": "environment",
"value": "test"
},
{
"key": "project",
"value": "hs-test"
},
{
"key": "terraform",
"value": "true"
},
{
"key": "workspace",
"value": "default"
}
]
}
PlanResourceChange_Response_PlannedState
{
"admin_password_secret_kms_key_id": "\u0000",
"admin_user_password": "\u0000",
"admin_username": "admin",
"db_name": "\u0000",
"default_iam_role_arn": "\u0000",
"final_snapshot_name": "\u0000",
"final_snapshot_retention_period": "\u0000",
"iam_roles": "\u0000",
"id": "hs-testing-123",
"kms_key_id": "AWS_OWNED_KMS_KEY",
"log_exports": [
"connectionlog",
"useractivitylog",
"userlog"
],
"manage_admin_password": "\u0000",
"namespace": {
"admin_password_secret_arn": null,
"admin_password_secret_kms_key_id": null,
"admin_username": "admin",
"creation_date": "2024-07-30T22:03:41.759Z",
"db_name": null,
"default_iam_role_arn": null,
"iam_roles": null,
"kms_key_id": "AWS_OWNED_KMS_KEY",
"log_exports": [
"connectionlog",
"useractivitylog",
"userlog"
],
"namespace_arn": "arn:aws:redshift-serverless:us-east-1:############:namespace/74e6ded1-fd65-43c3-b79a-76e9a18cde38",
"namespace_id": "74e6ded1-fd65-43c3-b79a-76e9a18cde38",
"namespace_name": "hs-testing-123",
"status": "AVAILABLE"
},
"namespace_name": "hs-testing-123",
"namespace_resource_policy": "\u0000",
"redshift_idc_application_arn": "\u0000",
"snapshot_copy_configurations": "\u0000",
"tags": [
{
"key": "environment",
"value": "test"
},
{
"key": "project",
"value": "hs-test"
},
{
"key": "terraform",
"value": "true"
},
{
"key": "workspace",
"value": "default"
}
]
}
from terraform-provider-awscc.
From the schema, insertionorder shouldn't be a factor.
"LogExports": {
"type": "array",
"insertionOrder": false,
"items": {
"$ref": "#/definitions/LogExport"
},
"maxItems": 16,
"minItems": 0
},
Statefile has
"instances": [
{
"schema_version": 1,
"attributes": {
"admin_password_secret_kms_key_id": null,
....
"log_exports": [
"userlog",
"connectionlog",
"useractivitylog"
],
"manage_admin_password": null,
"namespace": {
....
"log_exports": [
"connectionlog",
"useractivitylog",
"userlog"
],
from terraform-provider-awscc.
The get-resource response ( on refresh or subsequent plan/apply) shows the ordered list and hence provider is showing a drift.
aws cloudcontrol get-resource --type-name AWS::RedshiftServerless::Namespace --identifier "hs-testing-123" | jq .ResourceDescription.Properties
"{\"AdminUsername\":\"admin\",\"NamespaceName\":\"hs-testing-123\",\"IamRoles\":[],\"SnapshotCopyConfigurations\":[],\"KmsKeyId\":\"AWS_OWNED_KMS_KEY\",\"Namespace\":{\"Status\":\"AVAILABLE\",\"NamespaceName\":\"hs-testing-123\",\"AdminUsername\":\"admin\",\"CreationDate\":\"2024-07-30T22:20:59.326Z\",\"IamRoles\":[],\"NamespaceArn\":\"arn:aws:redshift-serverless:us-east-1:############:namespace/95549688-0f55-48ed-9a2b-744e0b33b4d4\",\"KmsKeyId\":\"AWS_OWNED_KMS_KEY\",\"NamespaceId\":\"95549688-0f55-48ed-9a2b-744e0b33b4d4\",\"LogExports\":[\"connectionlog\",\"useractivitylog\",\"userlog\"]},\"LogExports\":[\"connectionlog\",\"useractivitylog\",\"userlog\"]}"
translates to ..
"NamespaceId": "95549688-0f55-48ed-9a2b-744e0b33b4d4",
"LogExports": [
"connectionlog",
"useractivitylog",
"userlog"
]
},
"LogExports": [
"connectionlog",
"useractivitylog",
"userlog"
]
from terraform-provider-awscc.
The secondary issue on the tags being added in the patch operation when anything changes needs to be reviewed.
from terraform-provider-awscc.
Related Issues (20)
- awscc_cleanrooms_configured_table_association import fails at validation stage
- Upgrading awscc provider to anything more than 1.0.0 creates a new change in awscc_chatbot_slack_channel_configuration and times out on apply HOT 2
- awscc_rds_db_cluster: monitoring interval default value in schema prevents deployment HOT 4
- Build with Go 1.22.5
- awscc_datasync_location_s3: tag update fails deployment
- awscc_iam_role : drift with no changes when policy document is aws datasource HOT 2
- Delete operation on awscc_ec2_transit_gateway fails with generalserviceexception
- awscc_securityhub_finding_aggregator: change in region_linking_mode leads to failure when regions are listed in prior state HOT 3
- awscc_cleanrooms_collaboration: drift detected between subsequent terraform applies HOT 1
- awscc_cleanrooms_membership: optional result configuration is marked required HOT 3
- awscc_bedrock_guardrail PROMPT ATTACK content filter strength for response must be NONE HOT 1
- awscc_connect_instance support for admin user HOT 1
- Resource Suppression: `awscc_bedrock_flow`
- awscc_mediaconnect_flow_source: Provider returned invalid result object after apply HOT 3
- awscc_robomaker_fleet/awscc_robomaker_robot : deprecated in favor of IoT GreenGrass resources
- Resource Suppression: `awscc_cleanrooms_id_namespace_association`
- awscc_ecr_repository_creation_template: Error: Provider returned invalid result object after apply HOT 1
- Build with Go 1.22.6
- awscc_glue_trigger: Plan fails with tag object expected to be string type
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-awscc.