terraform-provider-awscc icon indicating copy to clipboard operation
terraform-provider-awscc copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

awscc_lambda_function - unchanged configuration triggers drift on terraform plan

Open wellsiau-aws opened this issue 7 months ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Affected Resource(s)

  • awscc_lambda_function

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_lambda_function" "main" {
  function_name = "lambda_function_name"
  description   = "AWS Lambda function"
  code = {
    zip_file = <<EOF
def lambda_handler(event,context):
  print("Hello World!")
  return 
EOF
  }
  package_type  = "Zip"
  handler       = "main.lambda_handler"
  runtime       = "python3.10"
  timeout       = "300"
  memory_size   = "128"
  role          = awscc_iam_role.main.arn
  architectures = ["arm64"]
  environment = {
    variables = {
      MY_KEY_1 = "MY_VALUE_1"
      MY_KEY_2 = "MY_VALUE_2"
    }
  }
}

resource "awscc_iam_role" "main" {
  description = "AWS IAM role for lambda function"
  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      },
    ]
  })
}

Debug Output

Debug logs Shown that attribute runtime_management_config and ephemeral_storage is changing.

2024-06-30T11:11:22.348-0700 [DEBUG] provider.terraform-provider-awscc_v1.4.0_x5: Detected value change between proposed new state and prior state: tf_attribute_path=runtime_management_config tf_req_id=ac7565b6-95ee-ec20-3213-12a61f5d938b @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:208 @module=sdk.framework tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_resource_type=awscc_lambda_function tf_rpc=PlanResourceChange timestamp=2024-06-30T11:11:22.348-0700
2024-06-30T11:11:22.348-0700 [DEBUG] provider.terraform-provider-awscc_v1.4.0_x5: Detected value change between proposed new state and prior state: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:208 @module=sdk.framework tf_attribute_path=ephemeral_storage tf_req_id=ac7565b6-95ee-ec20-3213-12a61f5d938b tf_rpc=PlanResourceChange tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_resource_type=awscc_lambda_function timestamp=2024-06-30T11:11:22.348-0700

PlanResourceChange_Request_PriorState.msgpack Shown that attribute runtime_management_config and ephemeral_storage value from the state file

{
  "architectures": [
    "arm64"
  ],
  "arn": "arn:aws:lambda:us-east-1:204034886740:function:lambda_function_name",
  "code": {
    "image_uri": null,
    "s3_bucket": null,
    "s3_key": null,
    "s3_object_version": null,
    "zip_file": "def lambda_handler(event,context):\n  print(\"Hello World!\")\n  return \n"
  },
  "code_signing_config_arn": null,
  "dead_letter_config": null,
  "description": "AWS Lambda function",
  "environment": {
    "variables": {
      "MY_KEY_1": "MY_VALUE_1",
      "MY_KEY_2": "MY_VALUE_2"
    }
  },
  "ephemeral_storage": {
    "size": 512
  },
  "file_system_configs": null,
  "function_name": "lambda_function_name",
  "handler": "main.lambda_handler",
  "id": "lambda_function_name",
  "image_config": null,
  "kms_key_arn": null,
  "layers": null,
  "logging_config": {
    "application_log_level": null,
    "log_format": "Text",
    "log_group": "/aws/lambda/lambda_function_name",
    "system_log_level": null
  },
  "memory_size": 128,
  "package_type": "Zip",
  "reserved_concurrent_executions": null,
  "role": "arn:aws:iam::204034886740:role/o1Znufrt8TmGudfikHlPQnMLp-OEk0XO7ffeXJ",
  "runtime": "python3.10",
  "runtime_management_config": {
    "runtime_version_arn": null,
    "update_runtime_on": "Auto"
  },
  "snap_start": {
    "apply_on": null
  },
  "snap_start_response": {
    "apply_on": "None",
    "optimization_status": "Off"
  },
  "tags": null,
  "timeout": 300,
  "tracing_config": {
    "mode": "PassThrough"
  },
  "vpc_config": null
}

PlanResourceChange_Request_ProposedNewState.msgpack Shown that attribute runtime_management_config and ephemeral_storage value is reset to null

{
  "architectures": [
    "arm64"
  ],
  "arn": "arn:aws:lambda:us-east-1:204034886740:function:lambda_function_name",
  "code": {
    "image_uri": null,
    "s3_bucket": null,
    "s3_key": null,
    "s3_object_version": null,
    "zip_file": "def lambda_handler(event,context):\n  print(\"Hello World!\")\n  return \n"
  },
  "code_signing_config_arn": null,
  "dead_letter_config": null,
  "description": "AWS Lambda function",
  "environment": {
    "variables": {
      "MY_KEY_1": "MY_VALUE_1",
      "MY_KEY_2": "MY_VALUE_2"
    }
  },
  "ephemeral_storage": null,
  "file_system_configs": null,
  "function_name": "lambda_function_name",
  "handler": "main.lambda_handler",
  "id": "lambda_function_name",
  "image_config": null,
  "kms_key_arn": null,
  "layers": null,
  "logging_config": {
    "application_log_level": null,
    "log_format": "Text",
    "log_group": "/aws/lambda/lambda_function_name",
    "system_log_level": null
  },
  "memory_size": 128,
  "package_type": "Zip",
  "reserved_concurrent_executions": null,
  "role": "arn:aws:iam::204034886740:role/o1Znufrt8TmGudfikHlPQnMLp-OEk0XO7ffeXJ",
  "runtime": "python3.10",
  "runtime_management_config": null,
  "snap_start": {
    "apply_on": null
  },
  "snap_start_response": {
    "apply_on": "None",
    "optimization_status": "Off"
  },
  "tags": null,
  "timeout": 300,
  "tracing_config": {
    "mode": "PassThrough"
  },
  "vpc_config": null
}

Expected Behavior

After the first terraform apply runs successfully, the subsequent terraform plan shouldn't detect any drift.

Actual Behavior

After the first terraform apply runs successfully, the subsequent terraform plan triggers a drift

This is similar to issue reported on #1216

Steps to Reproduce

  1. terraform apply
  2. terraform plan

References

  • #1216

wellsiau-aws avatar Jun 30 '24 18:06 wellsiau-aws