terraform-aws-cognito-user-pool
String schemas are updated on every terraform run due to missing string_attribute_constraints attribute
Terraform CLI and Terraform AWS Provider Version
Terraform v1.0.6
AWS provider 3.63.0
Affected Resource(s)
aws_cognito_user_pool
Affected Module Attribute(s)
string_schemas number_schemas
Terraform Configuration Files
module "cognito_user_pool" {
  source = "lgallard/cognito-user-pool/aws"
  version = "0.20.1"
  user_pool_name = "Default"
  username_attributes = ["email"]
  ....
  string_schemas = [
    {
      attribute_data_type = "String"
      developer_only_attribute = false
      mutable = true
      name = "groups"
      required = false
      string_attribute_constraints = {}
    },
    {
      attribute_data_type = "String"
      developer_only_attribute = false
      mutable = true
      name = "email"
      required = true
      string_attribute_constraints = {
        max_length = "2048"
        min_length = "0"
      }
    }
  ]
}
Expected Behavior
Pool is created with string schemas and Terraform does not try to update them on the following Terraform execution.
Actual Behavior
  # module.cognito_user_pool.aws_cognito_user_pool.pool[0] will be updated in-place
  ~ resource "aws_cognito_user_pool" "pool" {
        id = "us-east-1_ABCDE1234"
        name = "Default"
        tags = {
            "Terraform" = "true"
        }
        # (14 unchanged attributes hidden)
      - schema {
          - attribute_data_type = "String" -> null
          - developer_only_attribute = false -> null
          - mutable = true -> null
          - name = "groups" -> null
          - required = false -> null
          - string_attribute_constraints {}
        }
      + schema {
          + attribute_data_type = "String"
          + developer_only_attribute = false
          + mutable = true
          + name = "groups"
          + required = false
        }
      + schema {
        }
        # (11 unchanged blocks hidden)
    }
Steps to Reproduce
- terraform apply
- terraform apply
Using version 0.24.0, still same issue here, the config:
{
  name = "tenantID"
  attribute_data_type = "String"
  mutable = true
  required = false
  developer_only_attribute = false
  string_attribute_constraints = {}
},
{
  name = "userRole"
  attribute_data_type = "String"
  mutable = true
  required = false
  developer_only_attribute = false
  string_attribute_constraints = {}
},
{
  name = "userOrganization"
  attribute_data_type = "String"
  mutable = true
  required = false
  developer_only_attribute = false
  string_attribute_constraints = {}
}
Behaviour on every terraform plan/apply:
        # (13 unchanged attributes hidden)
      - schema {
          - attribute_data_type = "String" -> null
          - developer_only_attribute = false -> null
          - mutable = true -> null
          - name = "tenantID" -> null
          - required = false -> null
          - string_attribute_constraints {}
        }
      - schema {
          - attribute_data_type = "String" -> null
          - developer_only_attribute = false -> null
          - mutable = true -> null
          - name = "userOrganization" -> null
          - required = false -> null
          - string_attribute_constraints {}
        }
      - schema {
          - attribute_data_type = "String" -> null
          - developer_only_attribute = false -> null
          - mutable = true -> null
          - name = "userRole" -> null
          - required = false -> null
          - string_attribute_constraints {}
        }
      + schema {
          + attribute_data_type = "String"
          + developer_only_attribute = false
          + mutable = true
          + name = "tenantID"
          + required = false
        }
      + schema {
          + attribute_data_type = "String"
          + developer_only_attribute = false
          + mutable = true
          + name = "userOrganization"
          + required = false
        }
      + schema {
          + attribute_data_type = "String"
          + developer_only_attribute = false
          + mutable = true
          + name = "userRole"
          + required = false
        }
      + schema {
        }
        # (10 unchanged blocks hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.
We're also seeing this, I've raised an MR to bring the lifecycle block back:
https://github.com/lgallard/terraform-aws-cognito-user-pool/pull/129
Fixed it by removing the variables and declaring it in the main.tf directly as shown in the complete example (https://github.com/lgallard/terraform-aws-cognito-user-pool/blob/master/examples/complete/main.tf). I guess I was using it in variables.tf incorrectly, but just kept it as is without variables.
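
An added example, not part of the thread or the module's code: a check over `terraform show -json` plan output that separates the empty `string_attribute_constraints` churn reported above from a real change hiding in the same "1 to change" plan. The sample plan, the second pool, and the blank-value encoding of the empty constraints block are constructed assumptions.

```python
import json

def _groups(constraints):
    # Constructed schema entry matching the "groups" attribute from the issue.
    return {"attribute_data_type": "String", "developer_only_attribute": False,
            "mutable": True, "name": "groups", "required": False,
            "string_attribute_constraints": constraints}

EMPTY = [{"max_length": "", "min_length": ""}]  # assumed state encoding of `{}`
# Constructed excerpt of `terraform show -json <planfile>` (not real output).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.cognito_user_pool.aws_cognito_user_pool.pool[0]",
     "type": "aws_cognito_user_pool",
     "change": {"actions": ["update"],
                "before": {"name": "Default", "schema": [_groups(EMPTY)]},
                "after": {"name": "Default", "schema": [_groups([])]}}},
    {"address": "aws_cognito_user_pool.example",  # hypothetical second pool
     "type": "aws_cognito_user_pool",
     "change": {"actions": ["update"],
                "before": {"mfa_configuration": "ON", "schema": [_groups(EMPTY)]},
                "after": {"mfa_configuration": "OFF", "schema": [_groups([])]}}},
]}

def _normalize(schema):
    """Drop string_attribute_constraints when absent, empty, or all null/blank."""
    out = {k: v for k, v in schema.items() if k != "string_attribute_constraints"}
    blocks = [{k: v for k, v in c.items() if v not in (None, "")}
              for c in schema.get("string_attribute_constraints") or []]
    if any(blocks):
        out["string_attribute_constraints"] = [b for b in blocks if b]
    return out

def _schema_key(pool):
    return sorted(json.dumps(_normalize(s), sort_keys=True) for s in pool.get("schema") or [])

def classify_pool_updates(plan):
    """Map each user pool planned for update to 'noop-churn' or 'real-change'."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "aws_cognito_user_pool" or change.get("actions") != ["update"]:
            continue
        before, after = change.get("before") or {}, change.get("after") or {}
        other_keys = (set(before) | set(after)) - {"schema"}
        unchanged = (_schema_key(before) == _schema_key(after)
                     and all(before.get(k) == after.get(k) for k in other_keys))
        verdicts[rc["address"]] = "noop-churn" if unchanged else "real-change"
    return verdicts
print(classify_pool_updates(SAMPLE_PLAN))
```

Any attribute missing from `after` (for example a value only known after apply) compares unequal, so the check errs toward "real-change".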