hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.87k stars 9.21k forks source link

[Bug]: Migrating exisitng AWS Redshift Cluster to managed master password is not supported #38429

Open Swisk opened 4 months ago

Swisk commented 4 months ago

Terraform Core Version

1.8.5

AWS Provider Version

5.44.0

Affected Resource(s)

aws_redshift_cluster

Expected Behavior

We expect the cluster to gracefully transition to use an AWS managed secret for the admin credentials.

Actual Behavior

Redshift cluster was unable to be modified.

Note that destroying and recreating the cluster worked, so it seems that the modification of an existing cluster is not properly implemented.

Relevant Error/Panic Output Snippet

╷
│ Error: modifying Redshift Cluster (datahub-redshift-uat): InvalidParameterValue: The parameter MasterUserPassword must be provided and must not be blank.
│       status code: 400, request id: 07d902e8-4812-4cb3-bf4f-89173ede7f95
│
│   with module.redshift.aws_redshift_cluster.redshift_cluster,
│   on ../modules/redshift/main.tf line 6, in resource "aws_redshift_cluster" "redshift_cluster":
│    6: resource "aws_redshift_cluster" "redshift_cluster" {
│

Terraform Configuration Files

resource "aws_redshift_cluster" "initial" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "exampleuser"
  master_password     = "examplepassword"
  node_type          = "dc1.large"
  cluster_type       = "single-node"

  manage_master_password = true
}

resource "aws_redshift_cluster" "subsequent" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "exampleuser"
  node_type          = "dc1.large"
  cluster_type       = "single-node"

  manage_master_password = true
}

Steps to Reproduce

Create a redshift cluster using the master_password argument. Subsequently modify the resource to use the manage_master_password argument instead.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

github-actions[bot] commented 4 months ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

ressom commented 3 months ago

I just experienced this today.

A workaround is to click-ops the change from not-managed to managed in the AWS Console and then re-run plan / apply.