hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

aws_cloudwatch_event_rule pattern converts float to integer with trailing 0 float #4609

Open ghost opened 6 years ago

ghost commented 6 years ago

This issue was originally opened by @phundisk as hashicorp/terraform#18094. It was migrated here as a result of the provider split. The original body of the issue is below.


When using TF 0.11.7 and the aws_cloudwatch_event_rule resource, if you specify a pattern that is a float like '5.0', TF will remove the trailing 0 and change it to simply '5'. This is bad because you may want to look for strings that are actually 5.0, for example with AWS GuardDuty events.

Terraform Version

$ terraform -v
Terraform v0.11.7
+ provider.aws v1.15.0
+ provider.template v1.0.0

Terraform Configuration Files

resource "aws_cloudwatch_event_rule" "guardduty_event" {
  name        = "guardduty-event"
  description = "Detects and sends info on guardduty findings"

  #event_pattern = "${file("${path.module}/Policies/guardduty_event.json")}"
  event_pattern = <<PATTERN
{
    "source": [
      "aws.guardduty"
    ],
    "detail-type": [
      "GuardDuty Finding"
    ],
    "detail": {
      "severity": [5.0,5.1,5.2,5.3,5.4,5.5,5.6,5.7,5.8,5.9,6.0,6.1,6.2,6.3,6.4,6.5,6.6,6.7,6.8,6.9,7.0,7.1,7.2,7.3,7.4,7.5,7.6,7.7,7.8,7.9,8.0,8.1,8.2,8.3,8.4,8.5,8.6,8.7,8.8,8.9]
    }
}
PATTERN
}

Expected Behavior

Event pattern should not have changed from '5.0' to '5' as for AWS events, the actual event is 5.0 and not 5.

Actual Behavior

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_cloudwatch_event_rule.guardduty_event
      id:            <computed>
      arn:           <computed>
      description:   "Detects and sends info on guardduty findings"
      event_pattern: "{\"detail\":{\"severity\":[5,5.1,5.2,5.3,5.4,5.5,5.6,5.7,5.8,5.9,6,6.1,6.2,6.3,6.4,6.5,6.6,6.7,6.8,6.9,7,7.1,7.2,7.3,7.4,7.5,7.6,7.7,7.8,7.9,8,8.1,8.2,8.3,8.4,8.5,8.6,8.7,8.8,8.9]},\"detail-type\":[\"GuardDuty Finding\"],\"source\":[\"aws.guardduty\"]}"
      is_enabled:    "true"
      name:          "guardduty-event"

Plan: 1 to add, 0 to change, 0 to destroy.

Steps to Reproduce

terraform plan -target=aws_cloudwatch_event_rule.guardduty_event

YuvarajMathi commented 5 years ago

Is there any fix for the above issue? I am still facing the same.

CODE:

resource "aws_cloudwatch_event_rule" "ecs_tast_status" {
  count       = "${var.ecscluster_is_enabled}"
  depends_on  = ["aws_ecs_cluster.ecs_cluster_name"]
  name        = "${aws_ecs_cluster.ecs_cluster_name.name}_TASK_STATUS"
  description = "YOU WILL BE NOTIFIED due to change on DEPLOYED SERVICE STATUS"

  event_pattern = <<PATTERN
{
  "source": [
    "aws.ecs"
  ],
  "detail-type": [
    "ECS Task State Change"
  ],
  "detail": {
    "clusterArn": [
      "${aws_ecs_cluster.ecs_cluster_name.arn}"
    ]
  }
}
PATTERN
}

OUTPUT:

Imitat commented 4 years ago

Noting the original / top issue here remains, and it's been seen in the AWS Console as well. It may be related to Go itself.

Working around the issue is possible by using a null_resource resource and local-exec provisioner, where the AWS CLI command correctly updates the pattern with every terraform apply...

variable "event_pattern" {
  type = "string"
  default = <<PATTERN
{
  "source": ["aws.guardduty"],
  "detail-type": ["GuardDuty Finding"],
  "detail": {
    "severity": [4,4.0,4.1,4.2,4.3,4.4,4.5,4.6,4.7,4.8,4.9,5,5.0,5.1,5.2,5.3,5.4,5.5,5.6,5.7,5.8,5.9,6,6.0,6.1,6.2,6.3,6.4,6.5,6.6,6.7,6.8,6.9,7,7.0,7.1,7.2,7.3,7.4,7.5,7.6,7.7,7.8,7.9,8,8.0,8.1,8.2,8.3,8.4,8.5,8.6,8.7,8.8,8.9]
  }
}
PATTERN
}

resource "aws_cloudwatch_event_rule" "guard-duty-medium-and-high" {
  name          = "Guard-Duty-Medium-And-High"
  event_pattern = var.event_pattern
}

resource "null_resource" "guard-duty-medium-and-high-rule-via-cli" {
  depends_on = [aws_cloudwatch_event_rule.guard-duty-medium-and-high]
  triggers = {
    always_run = timestamp() # This likely implies needing to remove this resource prior to destroying the rule one
  }
  provisioner "local-exec" {
    command = "aws events put-rule --name Guard-Duty-Medium-And-High --event-pattern '${var.event_pattern}'"
  }
}

resource "aws_cloudwatch_event_target" "guard-duty-medium-and-high-target" {
  rule      = aws_cloudwatch_event_rule.guard-duty-medium-and-high.name
  arn       = aws_sns_topic.devops-events.arn
}
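
Added example, not part of the thread and not the provider's code: a Go sketch of how re-encoding a JSON pattern turns 5.0 into 5, and a check that lists which numeric literals changed. It assumes the normalisation is a decode into generic values followed by a re-encode, which is consistent with the sorted keys and compact form in the plan output above but is not shown on this page; `normalize`, `literals`, `changedLiterals` and the shortened pattern are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const pattern = `{"source":["aws.guardduty"],"detail":{"severity":[5.0,5.1,6.0]}}` // constructed sample

// normalize re-encodes JSON; without UseNumber, numbers pass through float64 and 5.0 becomes 5.
func normalize(s string, useNumber bool) (string, error) {
	dec := json.NewDecoder(strings.NewReader(s))
	if useNumber {
		dec.UseNumber() // keep each number as its original literal
	}
	var v interface{}
	if err := dec.Decode(&v); err != nil {
		return "", err
	}
	out, err := json.Marshal(v)
	return string(out), err
}

// literals returns the numeric literals in s as written (stops at the first error).
func literals(s string) (lits []string) {
	dec := json.NewDecoder(strings.NewReader(s))
	dec.UseNumber()
	for tok, err := dec.Token(); err == nil; tok, err = dec.Token() {
		if n, ok := tok.(json.Number); ok {
			lits = append(lits, n.String())
		}
	}
	return lits
}

// changedLiterals lists literals written in want that are absent from got.
func changedLiterals(want, got string) (missing []string) {
	after := "," + strings.Join(literals(got), ",") + ","
	for _, l := range literals(want) {
		if !strings.Contains(after, ","+l+",") {
			missing = append(missing, l)
		}
	}
	return missing
}

func main() {
	fmt.Println(normalize(pattern, false))
}
```

Passing the intended pattern as `want` and the pattern shown in a plan, or the one stored on the deployed rule, as `got` reports any severity literal that was rewritten before the detection rule relies on it.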