hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.82k stars 9.16k forks

[Bug]: `aws_ssoadmin_application` Provider returned invalid result object after apply following resource import #35188

Open magreenbaum opened 9 months ago

magreenbaum commented 9 months ago

Terraform Core Version

1.5.7

AWS Provider Version

5.31.0

Affected Resource(s)

aws_ssoadmin_application

Expected Behavior

Successful terraform apply without error.

Actual Behavior

Following an import of the resource aws_ssoadmin_application, terraform plan shows addition of application_account attribute. Applying this results in an error that the provider returned invalid result object after apply.

```
  # module.example.aws_ssoadmin_application.this will be updated in-place
  ~ resource "aws_ssoadmin_application" "this" {
      + application_account      = (known after apply)
        id                       = "arn:aws:sso::<id>:application/ssoins-<id>/apl-<id>"
        name                     = "Example"
      + tags                     = {}
        # (6 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }
```

Relevant Error/Panic Output Snippet

```
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for module.example.aws_ssoadmin_application.this.application_account. All values must be known after apply, so this is always a bug in the provider and should be
│ reported in the provider's own repository. Terraform will still save the other known object values in the state.
╵
```

Terraform Configuration Files

```hcl
resource "aws_ssoadmin_application" "this" {
  application_provider_arn = "arn:aws:sso::aws:applicationProvider/catalog/AmazonQuickSight"
  instance_arn             = var.instance_arn
  name                     = var.name
  description              = var.description

  portal_options {
    sign_in_options {
      application_url = var.application_url
      origin          = "IDENTITY_CENTER"
    }
  }
  tags = var.tags
}
```

Steps to Reproduce

Import an existing ssoadmin application. Run terraform apply to apply the application_account showing known after apply.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None


cdeneen-adelaide commented 2 months ago

I believe this is actually because of this bug: https://github.com/hashicorp/terraform-provider-aws/issues/34813

Basically you can't use the API to create custom SAML apps but Terraform allows you to import them. If you attempt to modify the resource it will fail. It either fails validation on the name or it tries to add a new property "application_account" that isn't possible.