[Bug]: appstream stack fleet association

[pureiboi]

Terraform Core Version

1.3.5

AWS Provider Version

4.45.0

Affected Resource(s)

aws_appstream_fleet

Expected Behavior

resource applied successfully or with some handled error

Actual Behavior

│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for aws_appstream_stack.stack_main to include new
│ values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/aws" produced an invalid new value for
│ .user_settings: planned set element
│ cty.ObjectVal(map[string]cty.Value{"action":cty.StringVal("CLIPBOARD_COPY_FROM_LOCAL_DEVICE"),
│ "permission":cty.StringVal("ENABLED")}) does not correlate with any element
│ in actual.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

Relevant Error/Panic Output Snippet

# aws_appstream_fleet.fleet_main will be updated in-place
  ~ resource "aws_appstream_fleet" "fleet_main" {
        id                                 = "fleet-image-test-1-2x4ybrPFm2"
      ~ max_user_duration_in_seconds       = 1200 -> 600
        name                               = "fleet-image-test-1-2x4ybrPFm2"
        tags                               = {}
        # (13 unchanged attributes hidden)

      ~ vpc_config {
          ~ subnet_ids         = [
              - "subnet-0ed197c4065443d7d",
              + "subnet-0c9119260b4f26071",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # aws_appstream_stack.stack_main will be updated in-place
  ~ resource "aws_appstream_stack" "stack_main" {
        id                 = "stack-image-test-1-2x4ybrPFm2"
        name               = "stack-image-test-1-2x4ybrPFm2"
        tags               = {}
        # (4 unchanged attributes hidden)

      + storage_connectors {
          + connector_type      = "HOMEFOLDERS"
          + domains             = (known after apply)
          + resource_identifier = (known after apply)
        }
      - storage_connectors {
          - connector_type      = "HOMEFOLDERS" -> null
          - domains             = [] -> null
          - resource_identifier = "appstream2-36fb080bb8-ap-southeast-1-134661605377" -> null
        }

        # (9 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

Changes to Outputs:
  ~ fleet = {
      ~ compute_capacity                   = [
          ~ {
              ~ available         = 0 -> 1
              ~ running           = 0 -> 1
                # (2 unchanged elements hidden)
            },
        ]
        id                                 = "fleet-image-test-1-2x4ybrPFm2"
      ~ max_user_duration_in_seconds       = 1200 -> 600
        name                               = "fleet-image-test-1-2x4ybrPFm2"
        tags                               = {}
      ~ vpc_config                         = [
          ~ {
              ~ subnet_ids         = [
                  - "subnet-0ed197c4065443d7d",
                  + "subnet-0c9119260b4f26071",
                ]
                # (1 unchanged element hidden)
            },
        ]
        # (16 unchanged elements hidden)
    }
  ~ stack = {
        id                   = "stack-image-test-1-2x4ybrPFm2"
        name                 = "stack-image-test-1-2x4ybrPFm2"
      ~ storage_connectors   = [
          - {
              - connector_type      = "HOMEFOLDERS"
              - domains             = []
              - resource_identifier = "appstream2-36fb080bb8-ap-southeast-1-134661605377"
            },
            # (1 unchanged element hidden)
        ]
        tags                 = {}
      ~ user_settings        = [
          + {
              + action     = "CLIPBOARD_COPY_FROM_LOCAL_DEVICE"
              + permission = "ENABLED"
            },
          + {
              + action     = "DOMAIN_PASSWORD_SIGNIN"
              + permission = "ENABLED"
            },
          + {
              + action     = "DOMAIN_SMART_CARD_SIGNIN"
              + permission = "DISABLED"
            },
          + {
              + action     = "FILE_DOWNLOAD"
              + permission = "ENABLED"
            },
          + {
              + action     = "FILE_UPLOAD"
              + permission = "ENABLED"
            },
          + {
              + action     = "PRINTING_TO_LOCAL_DEVICE"
              + permission = "ENABLED"
            },
            # (1 unchanged element hidden)
        ]
        # (10 unchanged elements hidden)
    }

Terraform Configuration Files

-

Steps to Reproduce

update and change subnet / security group associated to fleet

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @pureiboi 👋 Thank you for taking the time to raise this! So that we have the necessary information in order to reproduce this, can you supply a sample Terraform configuration that demonstrates the behavior?

[pureiboi]

are you referring this?

locals {
  fleet_name        = "fleet-${var.image_name}-${random_string.random.id}"
  stack_name        = "stack-${var.image_name}-${random_string.random.id}"
  fleet_description = "fleet with ${var.fleet_instance_type}"
}

resource "random_string" "random" {
  length  = 10
  special = false

}

resource "aws_appstream_fleet" "fleet_main" {
  name                               = coalesce(var.fleet_name, local.fleet_name)
  image_name                         = var.image_name
  image_arn                          = var.image_arn
  instance_type                      = var.fleet_instance_type
  display_name                       = var.fleet_display_name
  description                        = coalesce(var.fleet_description, local.fleet_description)
  disconnect_timeout_in_seconds      = var.disconnect_timeout_in_seconds
  idle_disconnect_timeout_in_seconds = var.idle_disconnect_timeout_in_seconds
  max_user_duration_in_seconds       = var.max_user_duration_in_seconds
  enable_default_internet_access     = var.enable_default_internet_access
  fleet_type                         = var.fleet_type
  iam_role_arn                       = var.iam_role_arn
  stream_view                        = var.stream_view

  compute_capacity {
    desired_instances = var.desired_instances
  }

  domain_join_info {
    directory_name = var.directory_name

    organizational_unit_distinguished_name = var.organizational_unit_distinguished_name
  }

  vpc_config {
    subnet_ids         = var.subnet_ids
    security_group_ids = var.security_group_ids
  }

  tags = var.additional_tags
}

resource "aws_appstream_stack" "stack_main" {
  name               = coalesce(var.stack_name, local.stack_name)
  display_name       = var.stack_display_name
  description        = var.stack_description
  embed_host_domains = var.embed_host_domains
  redirect_url       = var.redirect_url
  feedback_url       = var.feedback_url

  access_endpoints {
    endpoint_type = var.endpoint_type
    vpce_id       = var.vpce_id
  }

  application_settings {
    enabled        = var.enable_persist_setting
    settings_group = var.settings_group
  }

  storage_connectors {
    connector_type      = var.connector_type
    domains             = var.domain
    resource_identifier = var.resource_identifier
  }

  dynamic "user_settings" {
    for_each = var.user_settings
    content {
      action     = user_settings.key
      permission = user_settings.value.permission
    }
  }

  tags = var.additional_tags
}

resource "aws_appstream_fleet_stack_association" "fleet_stack_association" {
  fleet_name = aws_appstream_fleet.fleet_main.name
  stack_name = aws_appstream_stack.stack_main.name
  depends_on = [aws_appstream_fleet.fleet_main, aws_appstream_stack.stack_main]
}

resource "aws_appstream_user_stack_association" "user_stack_association" {
  for_each                = var.users
  authentication_type     = each.value.authentication_type
  stack_name              = aws_appstream_stack.stack_main.name
  send_email_notification = var.send_email_notification
  user_name               = each.key
  depends_on              = [aws_appstream_stack.stack_main]
}