awscc_ecr_repository_creation_template: Error: Provider returned invalid result object after apply

[mercurial963]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.8.3
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.61.0
+ provider registry.terraform.io/hashicorp/awscc v1.8.0

Affected Resource(s)

• awscc_ecr_repository_creation_template

Terraform Configuration Files

data "aws_iam_policy_document" "ecr_policy" {
  statement {
    sid = "AllowOrganizationPull"
    actions = [
      "ecr:BatchGetImage",
      "ecr:GetDownloadUrlForLayer"
    ]
    effect = "Allow"
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalOrgID"
      values   = [var.aws_organization_id]
    }
  }
}

resource "awscc_ecr_repository_creation_template" "docker_hub" {
  applied_for          = ["PULL_THROUGH_CACHE"]
  prefix               = "docker-hub/"
  image_tag_mutability = "MUTABLE"
  description          = "Pull-through cache for Docker Hub repository"
  repository_policy    = data.aws_iam_policy_document.ecr_policy.json
  lifecycle_policy     = jsonencode({
    rules = [
      {
        rulePriority = 1
        description  = "Expire untagged images older than 30 days"
        selection = {
          tagStatus   = "untagged"
          countType   = "sinceImagePushed"
          countUnit   = "days"
          countNumber = 30
        }
        action = {
          type = "expire"
        }
      }
    ]
  })
}

resource "awscc_ecr_repository_creation_template" "github" {
  applied_for          = ["PULL_THROUGH_CACHE"]
  prefix               = "github/"
  image_tag_mutability = "MUTABLE"
  description          = "Pull-through cache for Github repository"
  repository_policy    = data.aws_iam_policy_document.ecr_policy.json
  lifecycle_policy     = jsonencode({
    rules = [
      {
        rulePriority = 1
        description  = "Expire untagged images older than 30 days"
        selection = {
          tagStatus   = "untagged"
          countType   = "sinceImagePushed"
          countUnit   = "days"
          countNumber = 30
        }
        action = {
          type = "expire"
        }
      }
    ]
  })
}

Debug Output

Panic Output

Expected Behavior

Actual Behavior

The resources should be provisioned without issues.

Steps to Reproduce

1. terraform apply

   
   Do you want to perform these actions?
   Terraform will perform the actions described above.
   Only 'yes' will be accepted to approve.
   
   Enter a value: yes

module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.github: Creating... module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.docker_hub: Creating... ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.docker_hub.created_at. All values must be known after apply, so this is always a bug │ in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.docker_hub.custom_role_arn. All values must be known after apply, so this is always a │ bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.docker_hub.encryption_configuration. All values must be known after apply, so this is │ always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.docker_hub.resource_tags. All values must be known after apply, so this is always a │ bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.docker_hub.updated_at. All values must be known after apply, so this is always a bug │ in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.github.created_at. All values must be known after apply, so this is always a bug in │ the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.github.custom_role_arn. All values must be known after apply, so this is always a bug │ in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.github.encryption_configuration. All values must be known after apply, so this is │ always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.github.resource_tags. All values must be known after apply, so this is always a bug in │ the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: Provider returned invalid result object after apply │ │ After the apply operation, the provider still indicated an unknown value for │ module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.github.updated_at. All values must be known after apply, so this is always a bug in │ the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state. ╵ ╷ │ Error: AWS Resource Not Found After Creation or Update │ │ with module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.docker_hub, │ on .terraform/modules/ecr_pull_through_cache/ecr-pullthroughcache/main.tf line 28, in resource "awscc_ecr_repository_creation_template" "docker_hub": │ 28: resource "awscc_ecr_repository_creation_template" "docker_hub" { │ │ After creating or updating the AWS resource and attempting to read the resource, the API returned a resource not found error. This is typically an error │ with the Terraform resource implementation. Original Error: couldn't find resource ╵ ╷ │ Error: AWS Resource Not Found After Creation or Update │ │ with module.ecr_pull_through_cache.awscc_ecr_repository_creation_template.github, │ on .terraform/modules/ecr_pull_through_cache/ecr-pullthroughcache/main.tf line 53, in resource "awscc_ecr_repository_creation_template" "github": │ 53: resource "awscc_ecr_repository_creation_template" "github" { │ │ After creating or updating the AWS resource and attempting to read the resource, the API returned a resource not found error. This is typically an error │ with the Terraform resource implementation. Original Error: couldn't find resource

<img width="1285" alt="image" src="https://github.com/user-attachments/assets/6c455d45-cc3e-4208-9fce-996a69dee9fb">

### Important Factoids

<!--- Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? --->

### References

<!---
Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests

Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor documentation? For example:
--->

[quixoticmonk]

Thank you for opening the issue @mercurial963 . This looks like a duplicate of #1817 .

[quixoticmonk]

Closing this issue to track both under #1817 . Service ticket opened to review this.