terraform-provider-awscc

vpc default values do not persist after create()

Open drewmullen opened this issue 3 years ago • 3 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the Cloudformation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

$ terraform -v
Terraform v1.0.8
on darwin_amd64
+ provider registry.terraform.io/hashicorp/awscc v0.7.0

Affected Resource(s)

  • awscc_ec2_vpc

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_ec2_vpc" "test" {
  cidr_block = "10.0.0.0/16"
  tags = [{
    key   = "test"
    value = "test"
  }]
}

Debug Output

Panic Output

Expected Behavior

On 2nd apply, should be no changes

Actual Behavior

Terraform will perform the following actions:

  # module.child.awscc_ec2_vpc.test will be updated in-place
  ~ resource "awscc_ec2_vpc" "test" {
      - enable_dns_hostnames    = false -> null
      - enable_dns_support      = true -> null
        id                      = "vpc-0139028713dd1de81"
      - instance_tenancy        = "default" -> null
        tags                    = [
            {          },
          # (1 unchanged element hidden)
        ]
        # (6 unchanged attributes hidden)
    }
    
    ...
 module.child.awscc_ec2_vpc.test: Modifying... [id=vpc-0139028713dd1de81]
╷
│ Error: AWS SDK Go Service Operation Incomplete
│ 
│   with module.child.awscc_ec2_vpc.test,
│   on module/main.tf line 20, in resource "awscc_ec2_vpc" "test":
│   20: resource "awscc_ec2_vpc" "test" {
│ 
│ Waiting for Cloud Control API service UpdateResource operation completion returned: waiter state transitioned to FAILED.
│ StatusMessage: Resource of type 'vpc' with identifier 'vpc-0139028713dd1de81' is not updatable with parameters provided..
│ ErrorCode: NotUpdatable

Steps to Reproduce

  1. terraform apply

Important Factoids

References

  • #0000

drewmullen, Dec 01 '21 21:12

@drewmullen This is due to the lack of a default value specified in the CloudFormation resource schema for VPC properties such as

enable_dns_hostnames https://github.com/hashicorp/terraform-provider-awscc/blob/636642568dea8a12d219dae2ba39478a4b0469ef/internal/service/cloudformation/schemas/AWS_EC2_VPC.json#L42-L45

or instance_tenancy

https://github.com/hashicorp/terraform-provider-awscc/blob/636642568dea8a12d219dae2ba39478a4b0469ef/internal/service/cloudformation/schemas/AWS_EC2_VPC.json#L50-L53

The corresponding Terraform attributes are marked as Optional, but not Computed

https://github.com/hashicorp/terraform-provider-awscc/blob/636642568dea8a12d219dae2ba39478a4b0469ef/internal/aws/ec2/vpc_resource_gen.go#L79-L89

https://github.com/hashicorp/terraform-provider-awscc/blob/636642568dea8a12d219dae2ba39478a4b0469ef/internal/aws/ec2/vpc_resource_gen.go#L101-L111

so when Terraform refreshes the resource state from AWS and sees false and default for the current value of those attributes but no value specified in configuration, a plan is generated to null-out those attributes.

BTW, in terraform-provider-aws, enable_dns_hostnames is Optional+Computed and instance_tenancy has a default value.

There is an umbrella issue for this: #191. As a workaround you will have to specify those default values in configuration. The only solution we can think of right now (as JSON Schema declares that default values are optional and usage by AWS service teams varies) is to mark all Optional attributes as Computed which will mean that we lose some drift detection functionality.

ewbankkit, Dec 02 '21 13:12
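A simplified model of the planning rule described in the comment above, added here as an illustration; it is not code from terraform-provider-awscc or from Terraform. The `Planned` and `Diff` functions are hypothetical names, and the sample state values are constructed from the plan output in the issue.

```go
package main

import "fmt"

// Planned returns the value proposed for one Optional attribute; ok == false means null.
// computed models whether the attribute is also marked Computed (assumption of this sketch).
func Planned(name string, computed bool, cfg, state map[string]string) (v string, ok bool) {
	if v, ok = cfg[name]; ok {
		return v, true // a configured value always wins
	}
	if computed {
		v, ok = state[name] // provider-owned: keep the refreshed value
		return v, ok
	}
	return "", false // Optional only: absent from config means null
}

// Diff lists attributes whose planned value differs from the refreshed state.
func Diff(computed bool, cfg, state map[string]string) []string {
	var out []string
	for _, n := range []string{"enable_dns_hostnames", "enable_dns_support", "instance_tenancy"} {
		want, set := Planned(n, computed, cfg, state)
		have, ok := state[n]
		if set == ok && want == have {
			continue
		}
		if !set {
			want = "null"
		}
		if !ok {
			have = "null"
		}
		out = append(out, fmt.Sprintf("%s: %s -> %s", n, have, want))
	}
	return out
}

func main() {
	// Constructed sample: state as refreshed after create, matching the plan output in the issue.
	state := map[string]string{"enable_dns_hostnames": "false", "enable_dns_support": "true", "instance_tenancy": "default"}
	// Constructed sample: enable_dns_support changed outside Terraform.
	drift := map[string]string{"enable_dns_hostnames": "false", "enable_dns_support": "false", "instance_tenancy": "default"}
	none := map[string]string{}
	fmt.Println("Optional only, nothing configured:", Diff(false, none, state))
	fmt.Println("Optional+Computed, nothing configured:", Diff(true, none, state))
	fmt.Println("Optional+Computed, after drift:", Diff(true, none, drift)) // drift goes unreported
	fmt.Println("Defaults pinned in config, after drift:", Diff(false, state, drift))
}
```

Pinning the defaults in configuration (the workaround) is the only case here that both avoids the spurious plan and still reports the out-of-band change.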

I have opened an issue with the upstream CFN team

https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1012

drewmullen, Dec 20 '21 14:12

@ewbankkit https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1012#issuecomment-998127280

AWS is suggesting this could be a bug

drewmullen, Dec 20 '21 17:12