hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Idempotent tags_all in aws_batch_job_definition (double apply required) #37254

Open ignatenkobrain opened 2 months ago

ignatenkobrain commented 2 months ago

Terraform Core Version

1.8.2

AWS Provider Version

5.47.0

Affected Resource(s)

Expected Behavior

No changes.

Actual Behavior

First apply

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # module.jobs.aws_batch_job_definition.this["meltano"] will be updated in-place
  ~ resource "aws_batch_job_definition" "this" {
      ~ arn                        = "arn:aws:batch:eu-west-1:439243399622:job-definition/xxx-meltano-dev:45" -> (known after apply)
      ~ container_properties       = jsonencode(
          ~ {
              - command              = []
              - mountPoints          = []
              ~ resourceRequirements = [
                    {
                        type  = "VCPU"
                        value = "1"
                    },
                  ~ {
                      ~ value = "3700" -> "3699"
                        # (1 unchanged attribute hidden)
                    },
                ]
              - ulimits              = []
              - volumes              = []
                # (4 unchanged attributes hidden)
            }
        )
        id                         = "arn:aws:batch:eu-west-1:439243399622:job-definition/xxx-meltano-dev:45"
        name                       = "xxx-meltano-dev"
      ~ revision                   = 45 -> (known after apply)
        tags                       = {}
        # (9 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

…

:exclamation: Apply right after that

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.jobs.aws_batch_job_definition.this["meltano"] will be updated in-place
  ~ resource "aws_batch_job_definition" "this" {
        id                         = "arn:aws:batch:eu-west-1:439243399622:job-definition/xxx-meltano-dev:47"
        name                       = "xxx-meltano-dev"
        tags                       = {}
      ~ tags_all                   = {
          + "gdc:project" = "xxx-dev"
          + "managed-by"  = "terraform"
        }
        # (11 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Don't have a simple reproducer - hitting it in production.

Steps to Reproduce

  1. Create an aws_batch_job_definition and use default_tags configured with the provider
  2. Apply (maybe multiple times, did not try from scratch)
  3. Modify some setting that will trigger an update of the jobdef (e.g. container_properties)
  4. Apply
  5. Plan - :exclamation: the tags_all modification will be shown

Debug Output

No response

Panic Output

No response

Important Factoids

I think the combination of empty tags on the batch jobdef and the use of default_tags in the provider configuration is essential to trigger it. The selective diff that has been implemented in 5.47.0 does not properly cover the tags_all case.

References

Would you like to implement a fix?

No
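A CI check for the symptom reported above, as an added example that is not part of the original issue or the provider's code: it scans the JSON form of a plan (as produced by `terraform show -json`) for in-place updates whose only changed attribute is tags_all. The sample plan is constructed from the values in the report, and the function names and the second resource address are hypothetical.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields read below.
SAMPLE_PLAN = {
    "resource_changes": [
        {   # mirrors the second plan in the report: only tags_all differs
            "address": 'module.jobs.aws_batch_job_definition.this["meltano"]',
            "change": {
                "actions": ["update"],
                "before": {"name": "xxx-meltano-dev", "tags": {}, "tags_all": {}},
                "after": {"name": "xxx-meltano-dev", "tags": {},
                          "tags_all": {"gdc:project": "xxx-dev", "managed-by": "terraform"}},
            },
        },
        {   # hypothetical resource with a real change: revision is no longer known
            "address": "aws_batch_job_definition.other",
            "change": {
                "actions": ["update"],
                "before": {"name": "other", "revision": 45, "tags_all": {}},
                "after": {"name": "other", "tags_all": {"managed-by": "terraform"}},
            },
        },
    ]
}


def changed_keys(before, after):
    """Top-level attributes whose values differ between before and after."""
    before, after = before or {}, after or {}
    return sorted(k for k in before.keys() | after.keys() if before.get(k) != after.get(k))


def tags_all_only_updates(plan):
    """Map address -> tags pending in tags_all, for updates that touch nothing else."""
    hits = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        before, after = change.get("before") or {}, change.get("after") or {}
        if change.get("actions") != ["update"] or changed_keys(before, after) != ["tags_all"]:
            continue
        old, new = before.get("tags_all") or {}, after.get("tags_all") or {}
        hits[rc["address"]] = {k: v for k, v in new.items() if old.get(k) != v}
    return hits


if __name__ == "__main__":
    # With a file argument, read real plan JSON; otherwise use the constructed sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(json.dumps(tags_all_only_updates(plan), indent=2))
```

Run against the plan taken immediately after an apply, a non-empty result means the default tags were not recorded on that apply and a second apply is still pending.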
