search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.87k stars 9.21k forks source link

Changing master_password on aws_rds_cluster does not reset the password on Aurora Cluster #3220

Closed mechastorm closed 4 years ago

mechastorm commented 6 years ago

I seem to be encountering this issue. Is this an expected behaviour?

Terraform Version

Terraform v0.11.2
+ provider.aws v1.8.0
+ provider.credstash (unversioned)
+ provider.null v1.0.0
+ provider.template v1.0.0

Affected Resource(s)

Terraform Configuration Files

resource "aws_rds_cluster" "aurora_cluster" {
  ...
  database_name      = "${var.db_name}"
  master_username    = "${var.db_username}"
  master_password    = "${var.db_password}"
 ....
}

Expected Behavior

New master password is set on the Aurora Cluster

Actual Behavior

Only when I go the web console and manually reset the master password, the new password is recognised.

Steps to Reproduce

  1. Create a new aws_rds_cluster resource (aurora) with a password
  2. Verify you can login to the newly created database.
  3. Modify the resource with a new password
  4. Try to login to the database with the new password
bflad commented 6 years ago

Hi @mechastorm, it looks like master_password updates fall under the same restriction of requiring apply_immediately = true (aws_rds_cluster documentation) as some of the other updates, otherwise it will be pending until the next maintenance window. This is the behavior from the RDS API itself, so I am not sure we should go against that. We do not currently have a method in Terraform core of exposing a plan with a delayed apply, but it might be worth checking the upstream repository for any open issues about that feature so they can prioritize it.

github-actions[bot] commented 4 years ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!