hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.83k stars 9.18k forks source link

[Bug]: perpetual diff when user_attribute_update_settings is empty array #34904

Open joshaw opened 11 months ago

joshaw commented 11 months ago

Terraform Core Version

v1.6.5

AWS Provider Version

v5.30.0

Affected Resource(s)

Expected Behavior

A plan after an apply shows no changes.

Actual Behavior

We see a perpetual diff in aws_cognito_user_pool on the user_attribute_update_settings field.

Relevant Error/Panic Output Snippet

aws_cognito_user_pool.example: Refreshing state... [id=eu-west-1_XinuKqFdv]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_cognito_user_pool.example will be updated in-place
  ~ resource "aws_cognito_user_pool" "example" {
        id                        = "eu-west-1_XinuKqFdv"
        name                      = "josh-test"
        tags                      = {}
        # (10 unchanged attributes hidden)

      + user_attribute_update_settings {}

        # (5 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_cognito_user_pool.example: Modifying... [id=eu-west-1_XinuKqFdv]
aws_cognito_user_pool.example: Modifications complete after 0s [id=eu-west-1_XinuKqFdv]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Terraform Configuration Files

provider "aws" {
  region = "eu-west-1"
}

resource "aws_cognito_user_pool" "example" {
  name = "josh-test"

  user_attribute_update_settings {
    attributes_require_verification_before_update = []
  }
}

Steps to Reproduce

  1. Run terraform apply on the initial file.
  2. Run terraform apply again. Here we see a diff on user_attribute_update_settings.

Debug Output

The full TF_LOG=TRACE terraform apply on the spurious diff is at https://gist.github.com/joshaw/e5f9e4c3262f1a425cc9f1d7c2bcd6a1.

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

github-actions[bot] commented 11 months ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

joshaw commented 1 month ago

In case it's useful, I've used a dynamic block to avoid the perpetual diff here, eg:

resource "aws_cognito_user_pool" "example" {
  name = "example"

  dynamic "user_attribute_update_settings" {
    for_each = length(var.attributes_require_verification) == 0 ? [] : [1]
    content {
      attributes_require_verification_before_update = var.attributes_require_verification
    }
  }
}