Open rickychew77 opened 11 months ago
Voting for Prioritization
Volunteering to Work on This Issue
I'm by no means an expert on this so take it with a grain of salt. aws elasticache describe-users
returns the following:
{
"Users": [
{
"UserId": "default",
"UserName": "default",
"Status": "active",
"Engine": "redis",
"MinimumEngineVersion": "6.0",
"AccessString": "on ~* +@all",
"UserGroupIds": [],
"Authentication": {
"Type": "no-password"
},
"ARN": "<redacted>"
}
]
}
The SDK has two structs, AuthenticationType and InputAuthenticationType which have different values.
I have no idea how providers reconcile these kinds of things where the setting value is different from the returning value. If someone can explain that, I might be able to try and fix it... but so far: 🤷🏼♂️
Let me state this same problem from a slightly different perspective: if you submit your aws_elasticache_user declaration with
authentication_mode {
type = "no-password-required"
}
the 'apply' always identifies the existing resource with type="no-password" and so the plan is to update this value ~ authentication_mode { ~ type = "no-password" -> "no-password-required" but if I try to conform to the retrieved 'no-password' setting, I get the result during 'apply':
Error: expected authentication_mode.0.type to be one of ["password" "no-password-required" "iam"], got no-password
It seems there is a conflict between Terraform and AWS CLI that is functionally compatible but comparatively incompatible. And frustratingly, this no-change 'modification' takes 3 minutes to "update" :( But if I comment out the authentication_mode block after creating the resource, no required action is detected during subsequent 'apply's!?
I'm using a workaround which is switching to password
.
I worked around this issue by adding a lifecycle block to ignore changes to the authentication mode but it is annoying.
lifecycle {
ignore_changes = [authentication_mode]
}
Terraform Core Version
1.5.6
AWS Provider Version
4.67.0
Affected Resource(s)
aws_elasticache_user
Expected Behavior
When doing a terraform plan/apply on existing
aws_elasticache_user
with authentication mode typeno-password-required
, it shouldn't prompt for a changeActual Behavior
While doing a terraform plan/apply on an existing
aws_elasticache_user
with authentication mode typeno-password-required
, it will prompt a changes from as belowit seems like the
no-password
is misleading and giving unnecessary changes to be applied.Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
terraform plan terraform apply
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No