terraform-provider-awscc

awscc_datazone_project : update operation fails with missing domain identifier when description is added

Open quixoticmonk opened this issue 10 months ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

terraform --version
Terraform v1.7.4
on darwin_amd64

Provider version: v0.74.0

Affected Resource(s)

  • awscc_datazone_project

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.


resource "awscc_datazone_domain" "this" {
  name                  = "exampl-test"
  domain_execution_role = awscc_iam_role.awscc_datazone_role.arn
  description           = "Datazone domain example"


  tags = [{
    key   = "Modified By"
    value = "AWSCC"
  }]
}

resource "awscc_iam_role" "awscc_datazone_role" {
  path = "/service-role/"
  assume_role_policy_document = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Effect" : "Allow",
        "Principal" : {
          "Service" : "datazone.amazonaws.com"
        },
        "Action" : [
          "sts:AssumeRole",
          "sts:TagSession"
        ],
        "Condition" : {
          "StringEquals" : {
            "aws:SourceAccount" : data.aws_caller_identity.current.account_id
          },
          "ForAllValues:StringLike" : {
            "aws:TagKeys" : "datazone*"
          }
        }
      }
    ]
  })
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonDataZoneDomainExecutionRolePolicy"]
}

data "aws_caller_identity" "current" {}


resource "awscc_datazone_project" "example" {
  domain_identifier = awscc_datazone_domain.this.id
  name              = "example"

}


Debug Output

Panic Output

Expected Behavior

The datazone project should be updated with the description provided as an update to the initial configuration.

Actual Behavior

The second terraform apply fails with the below message.

╷
│ Error: AWS SDK Go Service Operation Unsuccessful
│
│   with awscc_datazone_project.example,
│   on main.tf line 44, in resource "awscc_datazone_project" "example":
│   44: resource "awscc_datazone_project" "example" {
│
│ Calling Cloud Control API service UpdateResource operation returned: operation
│ error CloudControl: UpdateResource, https response error StatusCode: 400,
│ RequestID: 3a91ce1b-9f8e-4d17-ac8c-1146c7ac5610, api error
│ ValidationException: Model validation failed (#: required key
│ [DomainIdentifier] not found
│ #/GlossaryTerms: expected minimum item count: 1, found: 0)

  • The domain identifier is unchanged in the configuration.
  • Terraform state doesn't have a DomainIdentifier.
  • GlossaryTerms is not added in the original configuration and is not a required input to the create/update_project in the SDK.

Steps to Reproduce

  1. terraform apply on the initial configuration.
  2. terraform apply on updated configuration with description added.

resource "awscc_datazone_domain" "this" {
  name                  = "exampl-test"
  domain_execution_role = awscc_iam_role.awscc_datazone_role.arn
  description           = "Datazone domain example"


  tags = [{
    key   = "Modified By"
    value = "AWSCC"
  }]
}

resource "awscc_iam_role" "awscc_datazone_role" {
  path = "/service-role/"
  assume_role_policy_document = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Effect" : "Allow",
        "Principal" : {
          "Service" : "datazone.amazonaws.com"
        },
        "Action" : [
          "sts:AssumeRole",
          "sts:TagSession"
        ],
        "Condition" : {
          "StringEquals" : {
            "aws:SourceAccount" : data.aws_caller_identity.current.account_id
          },
          "ForAllValues:StringLike" : {
            "aws:TagKeys" : "datazone*"
          }
        }
      }
    ]
  })
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonDataZoneDomainExecutionRolePolicy"]
}

data "aws_caller_identity" "current" {}


resource "awscc_datazone_project" "example" {
  domain_identifier = awscc_datazone_domain.this.id
  name              = "example"
  description       = "Example datazone project"

}


Important Factoids

References

quixoticmonk Apr 20 '24 15:04

Note:

  • The change below is not identified as a change.
    • Create a datazone_project with description. Perform terraform apply
    • Remove the description from the configuration. Perform terraform apply
    • No changes. Your infrastructure matches the configuration.

quixoticmonk Apr 20 '24 16:04