hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

[BUG]: switch from secret rotation automatically_after to schedule_expression fails with error InvalidParameterException: You cannot specify both rotation frequency and schedule expression together. #33810

Closed yogesh2580 closed 1 year ago

yogesh2580 commented 1 year ago

Terraform Version

Terraform Version : Terraform v1.5.4 
Installing hashicorp/aws v5.11.0...

Terraform Configuration Files

...terraform config...

```hcl
variable "rotation_days" {
  description = "Interval in which the secrets are rotated(in days)"
  default     = "43"
}

variable "schedule_expression" {
  type        = string
  description = "A cron() or rate() expression that defines the schedule for rotating the secrets."
  default     = null
}

resource "aws_secretsmanager_secret_rotation" "secret" {
  secret_id           = aws_secretsmanager_secret.secret[0].id
  rotation_lambda_arn = aws_lambda_function.lambda_rotation[0].arn

  rotation_rules {
    automatically_after_days = var.schedule_expression == null ? var.rotation_days : null
    schedule_expression      = var.schedule_expression
  }
}
```

Debug Output

```
15:49:55   # module.postgres.aws_secretsmanager_secret_rotation.secret[0] will be updated in-place
15:49:55   ~ resource "aws_secretsmanager_secret_rotation" "secret" {
15:49:55         id = "arn:aws:secretsmanager:us-east-1:598693051713:secret:iac/datafabric/integration/datafabric/pdfrb-8332-v1-tp4F2g"
15:49:55         # (3 unchanged attributes hidden)
15:49:55
15:49:55       ~ rotation_rules {
15:49:55           + schedule_expression = "cron(0 /8 ? *)"
15:49:55             # (1 unchanged attribute hidden)
15:49:55         }
15:49:55     }
```

Expected Behavior

Secret rotation should have changed from frequency to cron-based/rate-based error

Actual Behavior

```
Error: updating Secrets Manager Secret Rotation (arn): InvalidParameterException: You cannot specify both rotation frequency and schedule expression together.

  with module.postgres.aws_secretsmanager_secret_rotation.secret[0],
  on .terraform/modules/postgres/main.tf line 215, in resource "aws_secretsmanager_secret_rotation" "secret":
 215: resource "aws_secretsmanager_secret_rotation" "secret" {
```

Steps to Reproduce

```
terraform init
terraform apply
```

Additional Context

There was a ticket for the same issue previously; it says the fix has been provided in the 5.7.0 version of the AWS provider. The issue still exists on the 5.11.0 version of the AWS provider. https://github.com/hashicorp/terraform-provider-aws/issues/30540

References

No response
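An added example, not part of the original issue or of the AWS provider's code: a pre-apply check over `terraform show -json` plan output that flags `aws_secretsmanager_secret_rotation` changes whose planned `rotation_rules` carry both `automatically_after_days` and `schedule_expression`, the combination the API rejects in the error above. The sample plan is constructed (only the resource address and the value 43 come from the issue), and treating `null`, `0` and `""` as "not set" is an assumption about how the provider serializes unset fields.

```python
import json

ROTATION_TYPE = "aws_secretsmanager_secret_rotation"


def _is_set(value):
    # Assumption: null, 0 and "" all mean "not configured" in plan JSON.
    return value not in (None, 0, "")


def conflicting_rotation_rules(plan):
    """Return addresses whose planned rotation_rules set both schedule fields."""
    hits = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != ROTATION_TYPE:
            continue
        # "after" is null when the resource is being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("rotation_rules") or []:
            if _is_set(rule.get("automatically_after_days")) and _is_set(
                rule.get("schedule_expression")
            ):
                hits.append(rc["address"])
                break
    return hits


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.postgres.aws_secretsmanager_secret_rotation.secret[0]",
   "type": "aws_secretsmanager_secret_rotation",
   "change": {"actions": ["update"], "after": {"rotation_rules": [
     {"automatically_after_days": 43, "schedule_expression": "rate(10 days)"}]}}},
  {"address": "aws_secretsmanager_secret_rotation.cron_only",
   "type": "aws_secretsmanager_secret_rotation",
   "change": {"actions": ["create"], "after": {"rotation_rules": [
     {"automatically_after_days": null, "schedule_expression": "rate(10 days)"}]}}},
  {"address": "aws_secretsmanager_secret_rotation.removed",
   "type": "aws_secretsmanager_secret_rotation",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address in conflicting_rotation_rules(SAMPLE_PLAN):
        print(f"both rotation frequency and schedule expression planned: {address}")
```

In a pipeline, feed it the parsed output of `terraform show -json` for the saved plan and fail the job when the returned list is non-empty, so a rotation change that cannot apply is caught before `terraform apply`.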

jbardin commented 1 year ago

Hello,

This appears to be an issue or question with the AWS provider, not with Terraform itself. You can see existing issues and file a new one in their repository here: https://github.com/hashicorp/terraform-provider-aws/issues. If you have questions about Terraform or the AWS provider, it's better to use the community forum where there are more people ready to help. The GitHub issues here are monitored only by a few core maintainers.

Thanks!

yogesh2580 commented 1 year ago

Thanks @jbardin, will post my issue over there

github-actions[bot] commented 11 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.