lgallard / terraform-aws-cognito-user-pool

Terraform module to create Amazon Cognito User Pools, configure its attributes and resources such as app clients, domain, resource servers. Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users.
Apache License 2.0
89 stars 95 forks

new value: .write_attributes: was cty.SetValEmpty(cty.String), but now │ null #117

Open onor13 opened 1 year ago

onor13 commented 1 year ago

We already had a configuration in place; after upgrading Terraform and this plugin I am getting the following error:

When applying changes to module.user_pool.aws_cognito_user_pool_client.client[0], provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value: .write_attributes: was cty.SetValEmpty(cty.String), but now null.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

I am using: hashicorp/aws v4.60.0, Terraform 1.4.0, lgallard/cognito-user-pool/aws 0.20.1 (I tried v0.21 but it fails with the error described in https://github.com/lgallard/terraform-aws-cognito-user-pool/issues/112).

The same configuration was working fine with Terraform 0.15.2 and plugin version 0.18.2.

module "user_pool" {
  source  = "lgallard/cognito-user-pool/aws"
  version = "0.20.1"  # v0.21 fails with: attributes_require_verification_before_update = lookup(user_attribute_update_settings.value,...

  user_pool_name = var.name
  domain         = local.stripped_domain_name
  admin_create_user_config_allow_admin_create_user_only = true
  username_attributes                                   = ["email"]

  email_verification_message = var.email_verification_message

  password_policy = {
    minimum_length                   = 8
    require_lowercase                = false
    require_numbers                  = true
    require_symbols                  = false
    require_uppercase                = true
    temporary_password_validity_days = 1
  }

  email_configuration = {
    email_sending_account  = "DEVELOPER"
    from_email_address     = "noreply@${var.email_domain}"
    source_arn             = var.ses_domain_identity
  }

  recovery_mechanisms = [
    {
      name     = "verified_email"
      priority = 1
    }
  ]

  clients = [
    {
      allowed_oauth_flows                  = ["code"]
      allowed_oauth_flows_user_pool_client = true
      allowed_oauth_scopes                 = ["email", "openid"]
      callback_urls                        = ["https://${var.domain_name}/oauth2/callback"]
      default_redirect_uri                 = "https://${var.domain_name}/oauth2/callback"
      explicit_auth_flows                  = ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]
      generate_secret                      = true
      logout_urls                          = ["https://${var.domain_name}", "https://${var.domain_name}/oauth2/sign_out"]
      name                                 = local.client_name
      read_attributes                      = ["email"]
      supported_identity_providers         = ["COGNITO"]
      write_attributes                     = []   # the attribute named in the error: an empty set is sent, the provider reads back null
      access_token_validity                = 1
      id_token_validity                    = 1
      refresh_token_validity               = 1
      token_validity_units = {
        access_token  = "hours"
        id_token      = "hours"
        refresh_token = "days"
      }
    }
  ]
}
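The error above is Terraform's "provider produced inconsistent result after apply" check: the plan sent `write_attributes = []` (an empty set, `cty.SetValEmpty`), but the provider read `null` back from the API. The distinction matters for an app client: as I read the Cognito API docs, an unset WriteAttributes lets the client write the pool's standard attributes, whereas an explicit empty list grants no write access at all, so null and `[]` are not equivalent from a least-privilege point of view. The script below is an added example, not code from the module or from anyone in this thread. It parses the quoted provider message to pull out the resource address and attribute, then walks a `terraform show -json` style state export and reports, per `aws_cognito_user_pool_client`, whether `write_attributes` is the intended list, `null`, or some other value. The error text and the state document are constructed to mirror this issue; the second client, the client names and the JSON shape beyond `values.root_module` / `child_modules` / `resources` are assumptions for illustration.

```python
"""Audit write_attributes on Cognito app clients in a Terraform state export.

Added example (not the module's code).  The sample error and state below are
constructed; run with a real export via:  terraform show -json > state.json
"""
import json
import re
import sys

# Constructed copy of the provider error quoted in the issue, with the box
# characters Terraform draws around it.
SAMPLE_ERROR = """\
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ module.user_pool.aws_cognito_user_pool_client.client[0], provider
│ "provider[\\"registry.terraform.io/hashicorp/aws\\"]" produced an unexpected
│ new value: .write_attributes: was cty.SetValEmpty(cty.String), but now
│ null.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
"""

# Constructed state in the shape of `terraform show -json`.  client[0] is the
# case from the issue (null came back); client[1] is an assumed second client
# whose write_attributes differ from what we intended.
SAMPLE_STATE = {
    "format_version": "1.0",
    "values": {
        "root_module": {
            "resources": [],
            "child_modules": [
                {
                    "address": "module.user_pool",
                    "resources": [
                        {
                            "address": "module.user_pool.aws_cognito_user_pool_client.client[0]",
                            "type": "aws_cognito_user_pool_client",
                            "values": {"name": "web-client",
                                       "read_attributes": ["email"],
                                       "write_attributes": None},
                        },
                        {
                            "address": "module.user_pool.aws_cognito_user_pool_client.client[1]",
                            "type": "aws_cognito_user_pool_client",
                            "values": {"name": "admin-client",
                                       "read_attributes": ["email"],
                                       "write_attributes": ["email", "name"]},
                        },
                    ],
                }
            ],
        }
    },
}

# Matches the one-line form of the message after the box characters and
# line breaks are collapsed.
_UNEXPECTED = re.compile(
    r"When applying changes to (?P<address>\S+), provider .*?"
    r"produced an unexpected new value: \.(?P<attr>\w+): "
    r"was (?P<was>.+?), but now (?P<now>[^\s.]+)"
)


def parse_unexpected_value(message):
    """Return (address, attribute, planned, actual) or None if not this error."""
    flat = " ".join(message.replace("\u2502", " ").split())
    m = _UNEXPECTED.search(flat)
    if m is None:
        return None
    return m.group("address"), m.group("attr"), m.group("was"), m.group("now")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def audit_write_attributes(state, expected):
    """Classify each app client's write_attributes against the intended list.

    status is 'ok' when it equals `expected`, 'null' when the provider stored
    no value (the service default applies, not the restriction we asked for),
    and 'drift' for any other list.
    """
    findings = []
    for res in iter_resources(state["values"]["root_module"]):
        if res.get("type") != "aws_cognito_user_pool_client":
            continue
        actual = res.get("values", {}).get("write_attributes")
        if actual is None:
            status = "null"
        elif sorted(actual) == sorted(expected):
            status = "ok"
        else:
            status = "drift"
        findings.append({"address": res["address"],
                         "write_attributes": actual, "status": status})
    return findings


def locate_error(error_text, state, expected):
    """Join the parsed error to the state entry it complains about."""
    parsed = parse_unexpected_value(error_text)
    if parsed is None:
        return None
    address, attr, _planned, _actual = parsed
    for f in audit_write_attributes(state, expected):
        if f["address"] == address:
            return {"attribute": attr, **f}
    return None


if __name__ == "__main__":
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    for f in audit_write_attributes(state, []):
        print(f"{f['status']:5}  {f['address']}  write_attributes={f['write_attributes']}")
```

Pass the real export path as the first argument to check your own state; a `null` finding means the state no longer records the `[]` restriction, which is worth confirming in the console or with `aws cognito-idp describe-user-pool-client` before concluding the provider merely mis-read a value it wrote correctly.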
lgallard commented 1 year ago

@onor13 it seems to me to be a Terraform AWS provider issue:

This is a bug in the provider, which should be reported in the provider's own issue tracker.

In any case, did you try with the latest versions of this module and the AWS provider?