hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_lakeformation_permissions inserts ALL permission in state file #38066

Open apwrk opened 5 months ago

apwrk commented 5 months ago

Terraform Core Version

1.5.0

AWS Provider Version

5.50.0

Affected Resource(s)

aws_lakeformation_permissions

Expected Behavior

Expected in the state file:

resource "aws_lakeformation_permissions" "db_access" {
    catalog_resource              = false
    id                            = "xxxxxxx"
    permissions                   = [
        "DESCRIBE",
    ]
    permissions_with_grant_option = []
    principal                     = "some_principal"

    database {
        catalog_id = "xxxxxxx"
        name       = "some_db"
    }
}

Expected in AWS:

        {
            "Principal": {
                "DataLakePrincipalIdentifier": "some_principal"
            },
            "Resource": {
                "Database": {
                    "CatalogId": "xxxxxxx",
                    "Name": "some_db"
                }
            },
            "Permissions": [
                "DESCRIBE"
            ],
            "PermissionsWithGrantOption": [],
            "LastUpdated": "2024-06-21T12:17:30.985000+02:00",
            "LastUpdatedBy": "arn:aws:iam::xxxxx:role/TerraformRole"
        },

Actual Behavior

What is in the state file is:

resource "aws_lakeformation_permissions" "db_access" {
    catalog_resource              = false
    id                            = "xxxxxxx"
    permissions                   = [
        "ALL",
        "DESCRIBE",
    ]
    permissions_with_grant_option = []
    principal                     = "some_principal"

    database {
        catalog_id = "xxxxxxx"
        name       = "some_db"
    }
}

There is an extra ALL permission in the state file, which is not expected. The permission in AWS, however, is as expected and has only the "DESCRIBE" permission.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_lakeformation_permissions" "db_access" {

  principal = "some_principal"

  permissions = ["DESCRIBE", ]

  database {
    name = "some_db"
  }
}

Steps to Reproduce

Run `terraform apply` and check the state file with `terraform state show`.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
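A check for the state/AWS mismatch reported above, as an added example that is not part of the original issue or the provider's code: it compares the permissions Terraform records for each `aws_lakeformation_permissions` resource with the grants Lake Formation actually lists. The function names are hypothetical, the two JSON samples are constructed from the values in the report (trimmed `terraform show -json` and `aws lakeformation list-permissions` output), and it assumes database-level grants keyed by principal and database name only.

```python
import json

# Constructed sample: trimmed `terraform show -json` output mirroring the report.
STATE_JSON = '''{"values": {"root_module": {"resources": [{
  "address": "aws_lakeformation_permissions.db_access",
  "type": "aws_lakeformation_permissions",
  "values": {"principal": "some_principal", "permissions": ["ALL", "DESCRIBE"],
             "database": [{"catalog_id": "xxxxxxx", "name": "some_db"}]}}]}}}'''

# Constructed sample: trimmed `aws lakeformation list-permissions` output.
AWS_JSON = '''{"PrincipalResourcePermissions": [{
  "Principal": {"DataLakePrincipalIdentifier": "some_principal"},
  "Resource": {"Database": {"CatalogId": "xxxxxxx", "Name": "some_db"}},
  "Permissions": ["DESCRIBE"], "PermissionsWithGrantOption": []}]}'''

def state_grants(state):
    """Yield (address, principal, database, permissions) for every Lake Formation grant in state."""
    stack = [state["values"]["root_module"]]
    while stack:
        module = stack.pop()
        stack.extend(module.get("child_modules", []))  # walk nested modules too
        for res in module.get("resources", []):
            if res["type"] != "aws_lakeformation_permissions":
                continue
            vals = res["values"]
            for db in vals.get("database") or []:  # nested blocks are lists in state JSON
                yield res["address"], vals["principal"], db["name"], set(vals["permissions"])

def aws_grants(listing):
    """Map (principal, database) to the set of permissions AWS reports."""
    grants = {}
    for entry in listing["PrincipalResourcePermissions"]:
        db = entry["Resource"].get("Database")
        if db:  # assumption: only database-level grants are compared
            key = (entry["Principal"]["DataLakePrincipalIdentifier"], db["Name"])
            grants.setdefault(key, set()).update(entry["Permissions"])
    return grants

def diff_grants(state, listing):
    """Return one finding per resource whose recorded permissions differ from AWS."""
    live_by_key, findings = aws_grants(listing), []
    for address, principal, db, recorded in state_grants(state):
        live = live_by_key.get((principal, db), set())
        if recorded != live:
            findings.append({"address": address, "state_only": sorted(recorded - live),
                             "aws_only": sorted(live - recorded)})
    return findings

if __name__ == "__main__":
    for finding in diff_grants(json.loads(STATE_JSON), json.loads(AWS_JSON)):
        print(finding)
```

An entry under `aws_only` is the case to review first, since it means the principal holds a permission that the state does not record.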
