terraform-provider-awscc
terraform-provider-awscc copied to clipboard
Published
20 hours ago •
hashicorp
hashicorp
awscc_codeartifact_domain : schema issue
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
- The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.
Terraform CLI and Terraform AWS Cloud Control Provider Version
- AWSCC provider : v0.75.0
- Terraform CLI : v1.7.4
Affected Resource(s)
- awscc_codeartifact_domain
Terraform Configuration Files
The current documentation for codeartifact_domain doesn't support providing an encryption key to the codeartifact domain.
- Initial configuration :
resource "awscc_codeartifact_domain" "example" {
domain_name = "example"
encryption_key = aws_kms_key.example.arn
tags = [
{
key = "ModifiedBy"
value = "AWSCC"
}
]
}
The schema json has EncryptionKey as an available input. Somehow EncryptionKey is in createOnlyProperties and readOnlyProperties.
"required": [
"DomainName"
],
"createOnlyProperties": [
"/properties/DomainName",
"/properties/EncryptionKey"
],
"readOnlyProperties": [
"/properties/Owner",
"/properties/Name",
"/properties/EncryptionKey",
"/properties/Arn"
],
- Cloudformation example Reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-domain.html#aws-resource-codeartifact-domain--examples--Create_a_domain_with_an_encryption_key_and_IAM_resource-based_policy
Resources:
MyCodeArtifactDomain:
Type: 'AWS::CodeArtifact::Domain'
Properties:
DomainName: "my-domain"
EncryptionKey: arn:aws:kms:us-west-2:123456789012:key/12345678-9abc-def1-2345-6789abcdef12
PermissionsPolicyDocument:
Debug Output
Panic Output
Expected Behavior
Actual Behavior
The error message below shows up when running a terraform plan.
│ Error: Invalid Configuration for Read-Only Attribute
│
│ with awscc_codeartifact_domain.example,
│ on main.tf line 7, in resource "awscc_codeartifact_domain" "example":
│ 7: encryption_key = aws_kms_key.example.arn
│
│ Cannot set value for this attribute as the provider has marked it as read-only.
│ Remove the configuration line setting the value.
│
│ Refer to the provider documentation or contact the provider developers for additional
│ information about configurable and read-only attributes that are supported.
Steps to Reproduce
-
terraform apply
Important Factoids
References
This might be an upstream issue as the Properties do not define an encryption property.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-domain.html#aws-resource-codeartifact-domain-properties