hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: AWS-side changes to CodeBuild project causes `CODEBUILD_CONFIG_AUTO_DISCOVER` env var diff with `aws_codebuild_project` #37051

Open acwwat opened 2 months ago

acwwat commented 2 months ago

Terraform Core Version

1.7.5

AWS Provider Version

5.46.0

Affected Resource(s)

aws_codebuild_project

Expected Behavior

While working on and validating a fix for #36987, many acceptance tests failed due to some unexpected differences, one of which is related to a new CODEBUILD_CONFIG_AUTO_DISCOVER environment variable. See error message below. The Report auto-discover feature is relatively new, and it seems that AWS is automatically adding this environment variable to all CodeBuild projects (at least new ones created - I am not sure about existing projects). I would have fixed this myself but I am not sure what the best approach would be. Thus I'd like someone more experienced to assist with this fix.

Acceptance tests should not fail.

Actual Behavior

Many acceptance test cases failed.

Relevant Error/Panic Output Snippet

=== NAME  TestAccCodeBuildProject_SourceType_codeCommit
    project_test.go:1642: Step 1/2 error: After applying this test step, the non-refresh plan was not empty.
        stdout:

        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place

        Terraform will perform the following actions:

          # aws_codebuild_project.test will be updated in-place
          ~ resource "aws_codebuild_project" "test" {
                id                     = "arn:aws:codebuild:us-west-2:100180206982:project/tf-acc-test-8702553461237729790"
                name                   = "tf-acc-test-8702553461237729790"
                # (9 unchanged attributes hidden)

              ~ environment {
                    # (5 unchanged attributes hidden)

                  - environment_variable {
                      - name  = "CODEBUILD_CONFIG_AUTO_DISCOVER" -> null
                      - type  = "PLAINTEXT" -> null
                      - value = "true" -> null
                    }
                }

                # (4 unchanged blocks hidden)
            }

        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccCodeBuildProject_SourceType_codeCommit (46.61s)

Terraform Configuration Files

resource "aws_codebuild_project" "test" {
  name         = "my-test-9neg5edgzb"
  service_role = aws_iam_role.test.arn

  artifacts {
    type = "NO_ARTIFACTS"
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "2"
    type         = "LINUX_CONTAINER"
  }

  source {
    location = "https://git-codecommit.region-id.amazonaws.com/v1/repos/repo-name"
    type     = "CODECOMMIT"
  }
}

resource "aws_iam_role" "test" {
  name = "my-test-9neg5edgzb"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "Service": "codebuild.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

resource "aws_iam_role_policy" "test" {
  name = "my-test-9neg5edgzb"
  role = aws_iam_role.test.name

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketAcl",
        "s3:PutBucketAcl",
        "s3:GetBucketLocation"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "codebuild:CreateReportGroup",
        "codebuild:CreateReport",
        "codebuild:UpdateReport",
        "codebuild:BatchPutTestCases",
        "codebuild:BatchPutCodeCoverages"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:CreateNetworkInterfacePermission",
        "ec2:DescribeDhcpOptions",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVpcs"
      ]
    }
  ]
}
POLICY
}

Steps to Reproduce

Simply run acceptance tests for the codebuild package, for example:

make testacc PKG=codebuild TESTS=TestAccCodeBuildProject_SourceType_codeCommit

Alternatively, extract one of the test cases, such as the configuration above, and apply it once to create the resource, then apply it again to see the unexpected update.

Debug Output

n/a

Panic Output

n/a

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
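
One possible read-side approach to the drift reported above, written in Go as an added example; it is not the provider's code and not the reporter's proposal. The `EnvVar` type and the `Reconcile` and `Drift` functions are hypothetical, and the sample values are constructed from the plan output in this issue.

```go
package main

import "fmt"

// EnvVar holds the three fields shown in the plan diff. Hypothetical type for
// this example; it is not the provider's schema or an AWS SDK type.
type EnvVar struct{ Name, Type, Value string }

// serviceManaged lists variable names the service adds on its own; only the
// name reported in this issue is included.
var serviceManaged = map[string]bool{"CODEBUILD_CONFIG_AUTO_DISCOVER": true}

// Reconcile drops service-managed variables from the remote list unless the
// configuration declares them, so explicitly managed values are still tracked.
func Reconcile(configured, remote []EnvVar) []EnvVar {
	declared := map[string]bool{}
	for _, v := range configured {
		declared[v.Name] = true
	}
	kept := []EnvVar{}
	for _, v := range remote {
		if !serviceManaged[v.Name] || declared[v.Name] {
			kept = append(kept, v)
		}
	}
	return kept
}

// Drift returns plan-style removal lines, in state order, for state variables
// the configuration does not declare with the same name, type and value.
func Drift(configured, state []EnvVar) []string {
	want := map[EnvVar]bool{}
	for _, v := range configured {
		want[v] = true
	}
	lines := []string{}
	for _, v := range state {
		if !want[v] {
			lines = append(lines, fmt.Sprintf("- %s = %q", v.Name, v.Value))
		}
	}
	return lines
}

func main() {
	// Constructed sample: the configuration declares no variables, while the
	// service reports the auto-discover variable seen in the plan output.
	remote := []EnvVar{{"CODEBUILD_CONFIG_AUTO_DISCOVER", "PLAINTEXT", "true"}}
	fmt.Println("raw read:  ", Drift(nil, remote))
	fmt.Println("reconciled:", Drift(nil, Reconcile(nil, remote)))
}
```

A variable the configuration declares explicitly is never filtered, so a mismatch between its declared and remote value still appears in the plan.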
