hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Terraform apply always shows changes on documentdb parameter group #13384

Closed aakrem closed 3 years ago

aakrem commented 4 years ago

Terraform keeps displaying that actions will be performed on aws_docdb_cluster_parameter_group

module definition:

resource "aws_docdb_cluster_parameter_group" "documentdb_parameter_group" {
  family      = "docdb3.6"
  name        = "name"
  description = "docdb cluster parameter group"

  parameter {
    name  = "tls"
    value = "enabled"
    apply_method = "pending-reboot"
  }
}

~ terraform plan

  ~ resource "aws_docdb_cluster_parameter_group" "documentdb_parameter_group" {
        arn         = "arn"
        description = "docdb cluster parameter group"
        family      = "docdb3.6"
        id          = "id"
        name        = "name"
        tags        = {}

      + parameter {
          + apply_method = "pending-reboot"
          + name         = "tls"
          + value        = "Enabled"
        }
    }

I found in other similar GitHub issues that it might be the "Enabled" value and that I should try true, 1 ... I tried 1, "1", true, "true" and all of them showed the same behaviour.

terraform version: 0.12.21, terraform aws provider version: 2.62.0

mbld commented 4 years ago

Same for me with slightly different versions and config. Main config difference is using apply_method = "immediate".

My versions are: terraform: 0.12.26 terraform aws provider: 2.67 (terragrunt: 0.23.14)

nathant727 commented 4 years ago

With Terraform v0.12.24, we are experiencing the same issue even though nothing has changed in our aws_docdb_cluster_parameter_group:

  # module.documentdb.aws_docdb_cluster_parameter_group.docdb will be updated in-place
  ~ resource "aws_docdb_cluster_parameter_group" "docdb" {
        arn         = "arn:aws:rds:us-east-1:647340561633:cluster-pg:alulastagingswarm-docdb-param-group"
        description = "Managed by Terraform"
        family      = "docdb3.6"
        id          = "alulastagingswarm-docdb-param-group"
        name        = "alulastagingswarm-docdb-param-group"
        tags        = {}

      + parameter {
          + apply_method = "pending-reboot"
          + name         = "tls"
          + value        = "enabled"
        }
    }

valter-lisboa commented 4 years ago

The thing here appears to be a parameter in the resourceAwsDocDBClusterParameterGroupRead function inside the resource. The line with the input definition for the DescribeDBClusterParameters API call has Source set to "user":

describeParametersOpts := &docdb.DescribeDBClusterParametersInput{
    DBClusterParameterGroupName: aws.String(d.Id()),
    Source:                      aws.String("user"),
}

As far as I could check using awscli, getting rid of it returns all values (change for your parameter group name).

Without source set to user:

aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name <NAME> | jq '.Parameters[] | "name=\(.ParameterName) type=\(.Source)"'
"name=audit_logs type=user"
"name=change_stream_log_retention_duration type=system"
"name=profiler type=user"
"name=profiler_sampling_rate type=system"
"name=profiler_threshold_ms type=user"
"name=tls type=system"
"name=ttl_monitor type=system"

With source set to user:

aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name <NAME> --source user | jq '.Parameters[] | "name=\(.ParameterName) type=\(.Source)"'
"name=audit_logs type=user"
"name=profiler type=user"
"name=profiler_threshold_ms type=user"

bubalush commented 4 years ago

I'm observing the same problem.
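
An added example, not part of any comment in this thread and not the provider's code: a standard-library Go sketch of a drift check for the Source filter described in valter-lisboa's comment above. It separates a parameter whose value really differs from one that only looks missing because a Source=user read does not return it. `Param`, `Classify` and `sampleAPI` are hypothetical names, and the parameter values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Param holds the fields of one DescribeDBClusterParameters entry used here.
type Param struct{ Name, Value, Source string }

// Constructed sample: names and Source values follow the first CLI listing
// in the thread; the parameter values are made up for illustration.
var sampleAPI = []Param{
	{"audit_logs", "disabled", "user"},
	{"change_stream_log_retention_duration", "10800", "system"},
	{"profiler", "enabled", "user"},
	{"profiler_sampling_rate", "1.0", "system"},
	{"profiler_threshold_ms", "100", "user"},
	{"tls", "enabled", "system"},
	{"ttl_monitor", "enabled", "system"},
}

// Classify compares configured parameters against an unfiltered API listing.
// Result per name: "in sync", "value drift", "phantom diff" (value matches but
// a Source=user read would not return it), or "not found".
func Classify(config map[string]string, api []Param) map[string]string {
	byName := map[string]Param{}
	for _, p := range api {
		byName[p.Name] = p
	}
	out := map[string]string{}
	for name, want := range config {
		got, ok := byName[name]
		switch {
		case !ok:
			out[name] = "not found"
		case !strings.EqualFold(got.Value, want): // assumption: case is not significant
			out[name] = "value drift"
		case got.Source != "user":
			out[name] = "phantom diff"
		default:
			out[name] = "in sync"
		}
	}
	return out
}

func main() {
	config := map[string]string{"tls": "enabled", "audit_logs": "enabled", "profiler": "enabled"}
	for name, status := range Classify(config, sampleAPI) {
		fmt.Printf("%-12s %s\n", name, status)
	}
}
```

With this sample, `tls` is reported as a phantom diff while `audit_logs` is reported as value drift, which is the distinction a perpetual `+ parameter` block in the plan hides.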

VladimirRybalko commented 4 years ago

Terraform v0.12.27 provider.aws v3.5.0

We have exactly the same issue. This issue makes usage of terraform for DocumentDb stuff slightly useless. @YakDriver do you have any plans to fix it or at least, could you please provide us with any suitable workaround?

Thanks in advance

quantm241 commented 4 years ago

Now it can read only the tls parameter. All other parameters are of type system:

"name=audit_logs type=system"
"name=change_stream_log_retention_duration type=system"
"name=profiler type=system"
"name=profiler_sampling_rate type=system"
"name=profiler_threshold_ms type=system"
"name=tls type=user"
"name=ttl_monitor type=system"

michel-dance commented 4 years ago

Any update on this issue? Our terraform apply keeps showing changes because of this, so we had to ignore this and apply anyway. This has already led to issues in production.

ionosphere80 commented 3 years ago

Same problem.

daenney commented 3 years ago

I've just hit this too, on terraform 0.14 and provider 3.32.0. It breaks the expected idempotency of plan+apply cycles.

ghost commented 3 years ago

This has been released in version 3.36.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

ghost commented 3 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!