hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Error while revoking LakeFormation Permissions using resource `aws_lakeformation_permissions` #36580

Open thulasirajkomminar opened 6 months ago

thulasirajkomminar commented 6 months ago

Terraform Core Version

1.7.5

AWS Provider Version

5.42.0

Affected Resource(s)

aws_lakeformation_permissions

Expected Behavior

Should have revoked the permissions which were removed from the code.

Actual Behavior

Error during apply.

Relevant Error/Panic Output Snippet

{"@level":"error","@message":"Error: unable to revoke LakeFormation Permissions (input: \u0026{[] 0xc002511900 0xc001f497c0 \u003cnil\u003e [ALL ALTER CREATE_TABLE DESCRIBE DROP] {}}): unable to revoke Lake Formation Permissions: operation error LakeFormation: RevokePermissions, 1 validation error(s) found.\n- missing required field, RevokePermissionsInput.Permissions.\n","@module":"terraform.ui","@timestamp":"2024-03-26T10:33:26.323823Z","diagnostic":{"severity":"error","summary":"unable to revoke LakeFormation Permissions (input: \u0026{[] 0xc002511900 0xc001f497c0 \u003cnil\u003e [ALL ALTER CREATE_TABLE DESCRIBE DROP] {}}): unable to revoke Lake Formation Permissions: operation error LakeFormation: RevokePermissions, 1 validation error(s) found.\n- missing required field, RevokePermissionsInput.Permissions.\n","detail":""},"type":"diagnostic"}

Terraform Configuration Files

locals {
  # Role ARNs that receive Lake Formation permissions; compact() drops empty strings
  lakeformation_admin_role_arns = compact(concat([
    module.default2.role_arn,
    module.default2.role_arn,
  ]))
}
resource "aws_lakeformation_permissions" "default" {
  for_each                      = toset(local.lakeformation_admin_role_arns)
  principal                     = each.key
  permissions                   = ["ALL", "ALTER", "CREATE_TABLE", "DESCRIBE", "DROP"]
  permissions_with_grant_option = ["ALL", "ALTER", "CREATE_TABLE", "DESCRIBE", "DROP"]

  database {
    name = aws_glue_catalog_database.default.name
  }
}

Steps to Reproduce

  1. Apply the sample code
  2. Remove one of the role ARNs
  3. Run apply again

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

fatbasstard commented 6 months ago

Looks like a regression got introduced in the refactor to SDK V2: https://github.com/hashicorp/terraform-provider-aws/pull/36362

fatbasstard commented 6 months ago

@johnsonaj Hi Adrian, any chance you can quickly find what the cause of this error is?

skitscha1 commented 6 months ago

Is there any update on this? I'm running into this issue as well.

johnsonaj commented 6 months ago

@fatbasstard, @skitscha1 thank you for the updates and the output. I have tried to reproduce this but I am unable to. It's very interesting that permission is not present on the SDK input but is a required field so it should always be set. I have made some adjustments to the expand/flatten functions that more closely align to what was there previously.

Possibly related: #36653