search

terraform-aws-modules / terraform-aws-ecr

Terraform module to create AWS ECR resources πŸ‡ΊπŸ‡¦
https://registry.terraform.io/modules/terraform-aws-modules/ecr/aws
Apache License 2.0
52 stars 109 forks source link

repository_lifecycle_policy returns an error if omitted #2

Closed JamesWhyley closed 2 years ago

JamesWhyley commented 2 years ago

Description

Creating a private repository with repository_lifecycle_policy omitted or set to a value of "" results in a validation error being thrown.

Versions

Reproduction Code [Required]

module "base_images" {
  source  = "terraform-aws-modules/ecr/aws"
  version = "1.1.1"

  repository_name                 = "foo/base-images"
  repository_image_scan_on_push   = true
  repository_image_tag_mutability = "MUTABLE"
}

Steps to reproduce the behavior:

Run a plan against the above. This results in successful completion.

Running apply against the plan then creates the requested resources but also returns the following:

Error: InvalidParameter: 1 validation error(s) found.
- minimum field size of 100, PutLifecyclePolicyInput.LifecyclePolicyText.

with module.base_images.aws_ecr_lifecycle_policy.this[0],
on .terraform-management/modules/base_images/main.tf line 122, in resource "aws_ecr_lifecycle_policy" "this":
122: resource "aws_ecr_lifecycle_policy" "this" {

Upon closer inspection of the plan, the following unexpected resource is listed.

# module.base_images.aws_ecr_lifecycle_policy.this[0] will be created
  + resource "aws_ecr_lifecycle_policy" "this" {
      + id          = (known after apply)
      + registry_id = (known after apply)
      + repository  = "cronofy/base-images"
    }

Expected behavior

Empty ECR repository created with no lifecycle policy.

Actual behavior

Empty ECR repository is created as expected but with a validation error thrown for lifecycle policy creation that wasn't requested.

Additional context

Not a huge issue from our point of view as we're working around the validation error by adding a policy that won't be triggered by anything in the repository but thought it worth mentioning.

Addendum. A colleague has advised that the same behaviour is observed even if create_repository_policy = false is set.

bryantbiggs commented 2 years ago

Thank you for the issue - I'll take a look

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.