possible bug in aws_secretsmanager_secret_version

[Korbl]

Hello, when using any password stored in AWS Secrets manager and retrieved via aws_secretsmanager_secret_version, it is unable to handle passwords with special characters. This seems to be new as we never ran into this prior to upgrading to 0.12

Terraform v0.12.19

Terraform Configuration Files

data "aws_secretsmanager_secret_version" "this" {
  secret_id     = var.secret_id
  version_stage = var.version_stage
  version_id    = var.version_id
}

output "secret_map" {
  value = data.aws_secretsmanager_secret_version.this.secret_string
}

resource "aws_elasticache_replication_group" "redis" {
transit_encryption_enabled    = .True
auth_token                 = jsondecode(module.get-mobileapi-redis-secret.test_map["redis_password"]

When this code is run and there is a % & $ n the password, it fails with the error

" Error: Error creating Elasticache Replication Group: InvalidParameterValue: Invalid AuthToken provided."

When the % and % are removed , it deploys fine.

Debug Output

2020-01-30T12:35:05.377+0100 [DEBUG] plugin: plugin process exited: path=/Users/sitschner/Files/Jumbo/terrafrom/prod/.terraform/plugins/darwin_amd64/terraform-provider-aws_v2.46.0_x4 pid=60308 2020-01-30T12:35:05.377+0100 [DEBUG] plugin: plugin exited 2020/01/30 12:35:05 [WARN] Provider "registry.terraform.io/-/aws" produced an invalid plan for module.mobileapi_redis-b.aws_elasticache_replication_group.redis, but we are tolerating it because it is using the legacy plugin SDK. The following problems may be the cause of any confusing errors from downstream operations:

• .engine: planned value cty.StringVal("redis") does not match config value cty.NullVal(cty.String)
• .auto_minor_version_upgrade: planned value cty.True does not match config value cty.NullVal(cty.Bool)
• .cluster_mode: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead 2020/01/30 12:35:05 [DEBUG] module.mobileapi_redis-b.aws_elasticache_replication_group.redis: applying the planned Create change 2020-01-30T12:35:05.399+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] setting computed for "security_group_names" from ComputedKeys 2020-01-30T12:35:05.399+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] setting computed for "member_clusters" from ComputedKeys 2020-01-30T12:35:05.399+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] setting computed for "cluster_mode" from ComputedKeys 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] [aws-sdk-go] DEBUG: Request elasticache/CreateReplicationGroup Details: 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: ---[ REQUEST POST-SIGN ]----------------------------- 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: POST / HTTP/1.1 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Host: elasticache.eu-central-1.amazonaws.com 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: User-Agent: aws-sdk-go/1.28.7 (go1.13.5; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.19 (+https://www.terraform.io) 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Content-Length: 742 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Authorization: AWS4-HMAC-SHA256 Credential=AKIAIBFBZI5I7SASVRKQ/20200130/eu-central-1/elasticache/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=fd63edbf6c4e311dd52fd272e20929cc156cff012385e9069d8ac91016bc0fba 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Content-Type: application/x-www-form-urlencoded; charset=utf-8 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: X-Amz-Date: 20200130T113505Z 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Accept-Encoding: gzip 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: -1c&PreferredCacheClusterAZs.AvailabilityZone.3=eu-central-1b&ReplicationGroupDescription=prod-mobileapi-b-cache&ReplicationGroupId=prod-mobileapi-b&SecurityGroupIds.SecurityGroupId.1=sg-0900d5951ed262a97&Tags.Tag.1.Key=Name&Tags.Tag.1.Value=prod-mobileapi-b-cache&Tags.Tag.2.Key=Environment&Tags.Tag.2.Value=prod&TransitEncryptionEnabled=true&Version=2015-02-02 2020-01-30T12:35:05.400+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: ----------------------------------------------------- 2020-01-30T12:35:05.544+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] [aws-sdk-go] DEBUG: Response elasticache/CreateReplicationGroup Details: 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: ---[ RESPONSE ]-------------------------------------- 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: HTTP/1.1 400 Bad Request 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Connection: close 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Content-Length: 287 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Content-Type: text/xml 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Date: Thu, 30 Jan 2020 11:35:05 GMT 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: X-Amzn-Requestid: befa2cb2-a98a-49de-a14a-1fb0e9628929 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: ----------------------------------------------------- 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] [aws-sdk-go] 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Sender 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: InvalidParameterValue 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: Invalid AuthToken provided. 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: befa2cb2-a98a-49de-a14a-1fb0e9628929 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] [aws-sdk-go] DEBUG: Validate Response elasticache/CreateReplicationGroup failed, attempt 0/25, error InvalidParameterValue: Invalid AuthToken provided. 2020-01-30T12:35:05.545+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: status code: 400, request id: befa2cb2-a98a-49de-a14a-1fb0e9628929 2020/01/30 12:35:05 [DEBUG] module.mobileapi_redis-b.aws_elasticache_replication_group.redis: apply errored, but we're indicating that via the Error pointer rather than returning it: Error creating Elasticache Replication Group: InvalidParameterValue: Invalid AuthToken provided. status code: 400, request id: befa2cb2-a98a-49de-a14a-1fb0e9628929 2020/01/30 12:35:05 [ERROR] module.mobileapi_redis-b: eval: terraform.EvalApplyPost, err: Error creating Elasticache Replication Group: InvalidParameterValue: Invalid AuthToken provided. status code: 400, request id: befa2cb2-a98a-49de-a14a-1fb0e9628929 2020/01/30 12:35:05 [ERROR] module.mobileapi_redis-b: eval: terraform.EvalSequence, err: Error creating Elasticache Replication Group: InvalidParameterValue: Invalid AuthToken provided. status code: 400, request id: befa2cb2-a98a-49de-a14a-1fb0e9628929 2020-01-30T12:35:05.619+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: 2020/01/30 12:35:05 [DEBUG] [aws-sdk-go] DEBUG: Response sts/GetCallerIdentity Details: 2020-01-30T12:35:05.619+0100 [DEBUG] plugin.terraform-provider-aws_v2.46.0_x4: ---[ RESPONSE ]--------------------------------------

Expected Behavior

I should be able to use special characters in a password , like I did in 0.11

Actual Behavior

Can't use special characters.

Steps to Reproduce

[ghost]

This issue has been automatically migrated to terraform-providers/terraform-provider-aws#11818 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to terraform-providers/terraform-provider-aws#11818.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.