awscc_gamelift_fleet - force replacement by mutable attributes

wellsiau-aws commented 7 months ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Affected Resource(s)

awscc_gamelift_fleet

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_gamelift_fleet" "example" {
  name              = "TFExampleFleet"
  build_id          = awscc_gamelift_build.example.id
  compute_type      = "EC2"
  ec2_instance_type = "c5.large"
  fleet_type        = "ON_DEMAND"
  description       = "example-1"
  certificate_configuration = {
    certificate_type = "DISABLED"
  }
  locations = [{
    location = "us-east-1",
    location_capacity = {
      desired_ec2_instances = 1,
      max_size = 1, 
      min_size = 0
    }
  }]
  runtime_configuration = {
    server_processes = [
      {
        concurrent_executions = 1
        launch_path           = "/local/game/gamelift-test-app"
        parameters            = "port:1936 gameSessionLengthSeconds:20"
      },

    ]
  }
}

resource "awscc_gamelift_build" "example" {
  name               = "ExampleBuild"
  version            = "1.0"
  operating_system   = "AMAZON_LINUX_2"
  server_sdk_version = "5.1.1"

  storage_location = {
    bucket   = "gamelift-test-wellsiau"
    key      = "gamelift-test-app-cpp-5.x-linux-x64-static-gcc-std.zip"
    role_arn = awscc_iam_role.example.arn
  }
}

resource "awscc_iam_role" "example" {
  role_name   = "gamelift-s3-access"
  description = "This IAM role grants Amazon GameLift access to the S3 bucket containing build files"
  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "gamelift.amazonaws.com"
        }
      },
    ]
  })
  managed_policy_arns  = [aws_iam_policy.example.arn]
  max_session_duration = 7200
  path                 = "/"
}

resource "aws_iam_policy" "example" {
  name = "gamelift-s3-access-policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:*"]
        Resource = "*"
      },
    ]
  })
}

Debug Output

Expected Behavior

When changing mutable attribute such as description, I expect the resource to modify the attribute instead of re-creating it.

Actual Behavior

Resource replacement triggered by Terraform plan


Terraform will perform the following actions:

  # awscc_gamelift_fleet.example2 must be replaced
-/+ resource "awscc_gamelift_fleet" "example2" {
      + anywhere_configuration             = (known after apply)
      + apply_capacity                     = (known after apply) # forces replacement
      ~ description                        = "hi" -> "hello"
      + desired_ec2_instances              = (known after apply)
      + ec2_inbound_permissions            = (known after apply)
      ~ fleet_id                           = "fleet-9b25e3ba-8968-44c5-9697-66ffaee1fab3" -> (known after apply)
      ~ id                                 = "fleet-9b25e3ba-8968-44c5-9697-66ffaee1fab3" -> (known after apply)
      + instance_role_arn                  = (known after apply) # forces replacement
      + instance_role_credentials_provider = (known after apply) # forces replacement
      + log_paths                          = (known after apply) # forces replacement
      + max_size                           = (known after apply)
      ~ metric_groups                      = [
          - "default",
        ] -> (known after apply)
      + min_size                           = (known after apply)
        name                               = "TFExampleFleet2"
      ~ new_game_session_protection_policy = "NoProtection" -> (known after apply)
      + peer_vpc_aws_account_id            = (known after apply) # forces replacement
      + peer_vpc_id                        = (known after apply) # forces replacement
      + resource_creation_limit_policy     = (known after apply)
      ~ runtime_configuration              = {
          ~ game_session_activation_timeout_seconds = 30 -> (known after apply)
          ~ max_concurrent_game_session_activations = 2147483647 -> (known after apply)
            # (1 unchanged attribute hidden)
        }
      + scaling_policies                   = (known after apply)
      + script_id                          = (known after apply) # forces replacement
      ~ server_launch_parameters           = "port:1936 gameSessionLengthSeconds:20" -> (known after apply)
      ~ server_launch_path                 = "/local/game/gamelift-test-app" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Steps to Reproduce

terraform apply
modify the description attribute to something else
terraform plan

Important Factoids

References

0000

wellsiau-aws commented 7 months ago

We know that description is not a force-replacement attributes

  "createOnlyProperties": [
    "/properties/ApplyCapacity",
    "/properties/BuildId",
    "/properties/CertificateConfiguration",
    "/properties/EC2InstanceType",
    "/properties/FleetType",
    "/properties/InstanceRoleARN",
    "/properties/InstanceRoleCredentialsProvider",
    "/properties/LogPaths",
    "/properties/PeerVpcAwsAccountId",
    "/properties/PeerVpcId",
    "/properties/ScriptId",
    "/properties/ServerLaunchParameters",
    "/properties/ServerLaunchPath",
    "/properties/CertificateType",
    "/properties/ComputeType"
  ],

wellsiau-aws commented 7 months ago

relates to #1139

wellsiau-aws commented 4 months ago

fix confirmed, tested on the latest AWSCC provider ver 1.2.0

hashicorp / terraform-provider-awscc