Terraform-provider-aws: Cognito unused_account_validity_days bug with 2.47

Created on 3 Feb 2020  ·  11 Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.20
Provider AWS 2.47

Affected Resource(s)

  • aws_cognito_user_pool

Terraform Configuration Files


resource "aws_cognito_user_pool" "this" {
  name = var.pool_name

  password_policy {
    minimum_length                   = 8
    require_lowercase                = true
    require_numbers                  = true
    require_symbols                  = true
    require_uppercase                = true
    temporary_password_validity_days = 90
  }

  admin_create_user_config {
    allow_admin_create_user_only = true
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "email"
    required                 = true

    string_attribute_constraints {
      min_length = 0
      max_length = 2048
    }
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "name"
    required                 = true

    string_attribute_constraints {
      min_length = 0
      max_length = 2048
    }
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "family_name"
    required                 = true

    string_attribute_constraints {
      min_length = 0
      max_length = 2048
    }
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "profile"
    required                 = false

    string_attribute_constraints {
      min_length = 0
      max_length = 2048
    }
  }

  tags = merge(var.common_tags)
}

Debug Output

https://gist.github.com/alemazz/e7f72c95f47405107ff1c8686f10b611

Panic Output

Expected Behavior

Terraform reports a clean plan/apply with the new value "temporary_password_validity_days = 90"

Actual Behavior

Terraform keeps re-adding the old configuration with the deprecated value "unused_account_validity_days"

Steps to Reproduce

  1. terraform apply

Important Factoids

References

  • #0000
bug  ·  regression  ·  service/cognito

All 11 comments

From what I've noticed, the aws-provider reports the existence of the unused_account_validity_days even if it was never declared, automatically matching the new temporary_password_validity_days. Presumably there's some mapping that remains, or that will need to be done due to how AWS configures things internally.

Also getting this with TF 0.12.18 and AWS provider 2.47, guessing it's because the old attribute is still in the state.

@nickdgriffin I thought so, I tried to pull (terraform pull) and repush (terraform push) the state dropping the keyword "unused_account_validity_days"

I am also seeing this issue. 12.18 and provider 2.47

In the meantime I am getting around it with this:

lifecycle {
  ignore_changes = [
    admin_create_user_config.0.unused_account_validity_days
  ]
}

> Also getting this with TF 0.12.18 and AWS provider 2.47, guessing it's because the old attribute is still in the state.

@nickdgriffin I thought the same, but also had this on a completely new state (had several environments to set up, coincidentally :) )

Ah, looks like the unused_account_validity_days field is missing Computed: true on the schema, since we want to ignore when folks are not adding it to their Terraform configurations. Will submit fix shortly.
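
The perpetual diff caused by the missing Computed flag, shown as a simplified model added here; it is not the provider's or the Terraform SDK's code. `Attr`, `PlanDiff` and `PlansUntilClean` are hypothetical names, and the API mirroring of temporary_password_validity_days into the deprecated field is assumed from the comments above.

```go
package main

import "fmt"

// Attr is a simplified stand-in for one schema attribute (hypothetical type,
// not the SDK's); only the flag discussed in this issue is modeled.
type Attr struct {
	Computed bool
}

// PlanDiff models how a plan treats one attribute. config is nil when the
// user did not declare the attribute; state is the value read from the API.
// It returns the planned value and whether the plan shows a change.
func PlanDiff(a Attr, config *int, state int) (planned int, changed bool) {
	if config != nil {
		return *config, *config != state
	}
	if a.Computed {
		// Unset in config but Computed: keep whatever the API reported.
		return state, false
	}
	// Unset in config and not Computed: the plan resets it to the zero value.
	return 0, state != 0
}

// PlansUntilClean runs n refresh+plan cycles against a constructed API that
// always mirrors temporary_password_validity_days into the deprecated
// unused_account_validity_days field, and counts the plans that show a diff.
func PlansUntilClean(a Attr, tempPasswordDays, n int) int {
	dirty := 0
	for i := 0; i < n; i++ {
		state := tempPasswordDays // refresh: API reports the mirrored value
		if _, changed := PlanDiff(a, nil, state); changed {
			dirty++
		}
	}
	return dirty
}

func main() {
	before := Attr{Computed: false} // field without Computed, as reported on 2.47
	after := Attr{Computed: true}   // field with Computed: true, as in the fix
	fmt.Println("dirty plans without Computed:", PlansUntilClean(before, 90, 3))
	fmt.Println("dirty plans with Computed:   ", PlansUntilClean(after, 90, 3))
}
```

Without Computed every plan in the model is dirty no matter how often it is applied, which is why the `ignore_changes` workaround was needed until the schema fix shipped.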

The fix for this has been merged and will release with version 2.49.0 of the Terraform AWS Provider, tomorrow. 👍

This has been released in version 2.49.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
