awscc_inspectorv2_cis_scan_configuration: optional key targets is required in plan/apply

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

terraform -v
Terraform v1.7.4
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v5.50.0
+ provider registry.terraform.io/hashicorp/awscc v0.78.0

Affected Resource(s)

awscc_inspectorv2_cis_scan_configuration

Terraform Configuration Files

Based on the scan configuration input, every input is optional. For example, with the configuration below where targets is not provided , terraform apply fails.


resource "awscc_inspectorv2_cis_scan_configuration" "example" {
  scan_name = "example"
  schedule = {
    daily = {
      start_time = {
        time_of_day = "00:00"
        time_zone   = "UTC"
      }
    }
  }
  security_level = "LEVEL_1"
  tags = {
   "Modified By"= "AWSCC"
  }
}

Debug Output

Panic Output

Expected Behavior

Expected to have the scan configuration deployed. Plan honors the requirement levels, but the API rejects the input on apply.

Actual Behavior

With targets missing :

╷
│ Error: AWS SDK Go Service Operation Incomplete
│
│   with awscc_inspectorv2_cis_scan_configuration.example,
│   on main.tf line 1, in resource "awscc_inspectorv2_cis_scan_configuration" "example":
│    1: resource "awscc_inspectorv2_cis_scan_configuration" "example" {
│
│ Waiting for Cloud Control API service CreateResource operation completion
│ returned: waiter state transitioned to FAILED. StatusMessage: 1 validation
│ error detected: Value at 'targets' failed to satisfy constraint: Member must
│ not be null (Service: Inspector2, Status Code: 400, Request ID:
│ df786bf8-789d-4fd4-8c2c-4153a8c9568c). ErrorCode: InvalidRequest

With all missing :

╷
│ Error: AWS SDK Go Service Operation Incomplete
│
│   with awscc_inspectorv2_cis_scan_configuration.example,
│   on main.tf line 1, in resource "awscc_inspectorv2_cis_scan_configuration" "example":
│    1: resource "awscc_inspectorv2_cis_scan_configuration" "example" {
│
│ Waiting for Cloud Control API service CreateResource operation completion
│ returned: waiter state transitioned to FAILED. StatusMessage: 4 validation
│ errors detected: Value at 'securityLevel' failed to satisfy constraint:
│ Member must not be null; Value at 'schedule' failed to satisfy constraint:
│ Member must not be null; Value at 'scanName' failed to satisfy constraint:
│ Member must not be null; Value at 'targets' failed to satisfy constraint:
│ Member must not be null (Service: Inspector2, Status Code: 400, Request ID:
│ c4a8eb98-e631-430c-a5ce-406a89897f56). ErrorCode: InvalidRequest

Steps to Reproduce

terraform apply

hashicorp / terraform-provider-awscc

awscc_inspectorv2_cis_scan_configuration: optional key targets is required in plan/apply #1747