awscc_msk_cluster : subsequent applies keeps modifying cluster

[quixoticmonk]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.9.0
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v5.56.1
+ provider registry.terraform.io/hashicorp/awscc v1.4.0

Affected Resource(s)

• awscc_msk_cluster

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_msk_cluster" "example" {
  cluster_name           = "example"
  kafka_version          = "3.5.1"
  number_of_broker_nodes = 4
  broker_node_group_info = {
    broker_az_distribution = "DEFAULT"
    client_subnets         = ["subnet-08ad4f216501972ec", "subnet-0a4649033661b7a3e"]
    instance_type          = "kafka.m7g.large"
    security_groups        = ["sg-044b064d6706ce34f"]
  }
  encryption_info = {
    encryption_in_transit = {
      client_broker = "TLS_PLAINTEXT"
      in_cluster    = true
    }
  }
  enhanced_monitoring = "PER_TOPIC_PER_BROKER"
  storage_mode        = "LOCAL"

  logging_info = {
    broker_logs = {
      cloudwatch_logs = {
        enabled = false
      }
    }
  }

  tags = {
    "Modified By" = "AWSCC"
  }
}

Debug Output

From Debug logs..

2024-06-29T11:58:41.558-0400 [DEBUG] provider.terraform-provider-awscc_v1.4.0_x5: Detected value change between proposed new state and prior state: @module=sdk.framework tf_attribute_path=logging_info tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_req_id=d036cbfb-8ac9-a599-df5c-bd681d664dd1 @caller=github.com/hashicorp/terraform-plugin-framework@v1.9.0/internal/fwserver/server_planresourcechange.go:208 tf_resource_type=awscc_msk_cluster tf_rpc=PlanResourceChange timestamp=2024-06-29T11:58:41.558-0400

2024-06-29T11:58:41.558-0400 [DEBUG] provider.terraform-provider-awscc_v1.4.0_x5: Detected value change between proposed new state and prior state: @module=sdk.framework tf_attribute_path=encryption_info tf_req_id=d036cbfb-8ac9-a599-df5c-bd681d664dd1 tf_rpc=PlanResourceChange @caller=github.com/hashicorp/terraform-plugin-framework@v1.9.0/internal/fwserver/server_planresourcechange.go:208 tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_resource_type=awscc_msk_cluster timestamp=2024-06-29T11:58:41.558-0400

2024-06-29T11:58:41.558-0400 [DEBUG] provider.terraform-provider-awscc_v1.4.0_x5: Detected value change between proposed new state and prior state: @module=sdk.framework tf_req_id=d036cbfb-8ac9-a599-df5c-bd681d664dd1 tf_rpc=PlanResourceChange tf_attribute_path=open_monitoring tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_resource_type=awscc_msk_cluster @caller=github.com/hashicorp/terraform-plugin-framework@v1.9.0/internal/fwserver/server_planresourcechange.go:208 timestamp=2024-06-29T11:58:41.558-0400

2024-06-29T11:58:41.558-0400 [DEBUG] provider.terraform-provider-awscc_v1.4.0_x5: Detected value change between proposed new state and prior state: @caller=github.com/hashicorp/terraform-plugin-framework@v1.9.0/internal/fwserver/server_planresourcechange.go:208 @module=sdk.framework tf_attribute_path=broker_node_group_info tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_req_id=d036cbfb-8ac9-a599-df5c-bd681d664dd1 tf_resource_type=awscc_msk_cluster tf_rpc=PlanResourceChange timestamp=2024-06-29T11:58:41.558-0400

Panic Output

Expected Behavior

Actual Behavior

Terraform identified changes in the above inputs and called out as needing to be updated in place.

Terraform used the selected providers to generate the following
execution plan. Resource actions are indicated with the following
symbols:
  ~ update in-place

Terraform will perform the following actions:

  # awscc_msk_cluster.example will be updated in-place
  ~ resource "awscc_msk_cluster" "example" {
      + client_authentication  = (known after apply)
        id                     = "arn:aws:kafka:us-east-1:############:cluster/example/9e9120ad-896c-409a-a05a-1e753df06d71-7"
      ~ logging_info           = {
          ~ broker_logs = {
              ~ cloudwatch_logs = {
                  + log_group = (known after apply)
                    # (1 unchanged attribute hidden)
                }
                # (2 unchanged attributes hidden)
            }
        }
        tags                   = {
            "Modified By" = "AWSCC"
        }
        # (11 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy

Steps to Reproduce

1. terraform apply

Important Factoids

References

• 0000

[quixoticmonk]

Additional context

• Priorstate

{
  "arn": "arn:aws:kafka:us-east-1:############:cluster/example/9e9120ad-896c-409a-a05a-1e753df06d71-7",

  "client_authentication": null,
  "encryption_info": {
    "encryption_at_rest": {
      "data_volume_kms_key_id": "arn:aws:kms:us-east-1:############:key/4d7d2341-bdf5-40ce-9a2d-1c6d408d4330"
    },
    "encryption_in_transit": {
      "client_broker": "TLS_PLAINTEXT",
      "in_cluster": true
    }
  },

  "logging_info": {
    "broker_logs": {
      "cloudwatch_logs": {
        "enabled": false,
        "log_group": null
      },
      "firehose": {
        "delivery_stream": null,
        "enabled": false
      },
      "s3": {
        "bucket": null,
        "enabled": false,
        "prefix": null
      }
    }
  },
  "number_of_broker_nodes": 4,
  "open_monitoring": {
    "prometheus": {
      "jmx_exporter": {
        "enabled_in_broker": false
      },
      "node_exporter": {
        "enabled_in_broker": false
      }
    }
  },

}

• 1719682393438_PlanResourceChange_Request_ProposedNewState

{
  "arn": "arn:aws:kafka:us-east-1:############:cluster/example/9e9120ad-896c-409a-a05a-1e753df06d71-7",

  "client_authentication": null,
  "encryption_info": {
    "encryption_at_rest": null,
    "encryption_in_transit": {
      "client_broker": "TLS_PLAINTEXT",
      "in_cluster": true
    }
  },

  "logging_info": {
    "broker_logs": {
      "cloudwatch_logs": {
        "enabled": false,
        "log_group": null
      },
      "firehose": null,
      "s3": null
    }
  },
  "number_of_broker_nodes": 4,
  "open_monitoring": null,

}

• 1719682393459_PlanResourceChange_Response_PlannedState

{
  "arn": "arn:aws:kafka:us-east-1:############:cluster/example/9e9120ad-896c-409a-a05a-1e753df06d71-7",

  "client_authentication": "\u0000",

  "encryption_info": {
    "encryption_at_rest": {
      "data_volume_kms_key_id": "arn:aws:kms:us-east-1:############:key/4d7d2341-bdf5-40ce-9a2d-1c6d408d4330"
    },
    "encryption_in_transit": {
      "client_broker": "TLS_PLAINTEXT",
      "in_cluster": true
    }
  },

  "logging_info": {
    "broker_logs": {
      "cloudwatch_logs": {
        "enabled": false,
        "log_group": "\u0000"
      },
      "firehose": {
        "delivery_stream": null,
        "enabled": false
      },
      "s3": {
        "bucket": null,
        "enabled": false,
        "prefix": null
      }
    }
  },
  "number_of_broker_nodes": 4,
  "open_monitoring": {
    "prometheus": {
      "jmx_exporter": {
        "enabled_in_broker": false
      },
      "node_exporter": {
        "enabled_in_broker": false
      }
    }
  },

}

[wellsiau-aws]

Related to #1216