Terraform-provider-aws: Terraform apply always shows changes on documentdb parameter group

Created on 19 May 2020  路  7Comments  路  Source: hashicorp/terraform-provider-aws

Terraform keeps displaying that actions will be performed on aws_docdb_cluster_parameter_group

module definition:

resource "aws_docdb_cluster_parameter_group" "documentdb_parameter_group" {
  family      = "docdb3.6"
  name        = "name"
  description = "docdb cluster parameter group"

  parameter {
    name  = "tls"
    value = "enabled"
    apply_method= "pending-reboot"
  }
}

~ terraform plan

  ~ resource "aws_docdb_cluster_parameter_group" "documentdb_parameter_group" {
        arn         = "arn"
        description = "docdb cluster parameter group"
        family      = "docdb3.6"
        id          = "id"
        name        = "name"
        tags        = {}

      + parameter {
          + apply_method = "pending-reboot"
          + name         = "tls"
          + value        = "Enabled"
        }
    }

I found in other github similar issues that it might be the "Enabled" value and should try true, 1 ..
I tried 1, "1", true, "true" and all of them showed same behaviour.

terraform version: 0.12.21
terraform aws provier version: 2.62.0

needs-triage servicdocdb
Source
picture aakrem
👍5

Most helpful comment

Same for me with slightly different versions and config. Main config difference is using apply_method = "immediate".

My versions are:
terraform: 0.12.26
terraform aws provider: 2.67
(terragrunt: 0.23.14)

picture mbld on 19 Jun 2020
👍3

All 7 comments

Same for me with slightly different versions and config. Main config difference is using apply_method = "immediate".

My versions are:
terraform: 0.12.26
terraform aws provider: 2.67
(terragrunt: 0.23.14)

mbld picture mbld on 19 Jun 2020
👍3

With Terraform v0.12.24, we are experiencing the same issue even though nothing has changed in our aws_docdb_cluster_parameter_group:

  # module.documentdb.aws_docdb_cluster_parameter_group.docdb will be updated in-place
  ~ resource "aws_docdb_cluster_parameter_group" "docdb" {
        arn         = "arn:aws:rds:us-east-1:647340561633:cluster-pg:alulastagingswarm-docdb-param-group"
        description = "Managed by Terraform"
        family      = "docdb3.6"
        id          = "alulastagingswarm-docdb-param-group"
        name        = "alulastagingswarm-docdb-param-group"
        tags        = {}

      + parameter {
          + apply_method = "pending-reboot"
          + name         = "tls"
          + value        = "enabled"
        }
    }
nathant727 picture nathant727 on 23 Jul 2020
👍1

The thing here appears to be a parameter on the resourceAwsDocDBClusterParameterGroupRead function inside the resource. On the line with the input definition for the DescribeDBClusterParameters API call have Source set to "user"

describeParametersOpts := &docdb.DescribeDBClusterParametersInput{
    DBClusterParameterGroupName: aws.String(d.Id()),
    Source:                      aws.String("user"),
}

As far I could check using awscli, getting rid of it return all values (change for your parameter group name).

Without source set to user.

aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name <NAME> | jq '.Parameters[] | "name=\(.ParameterName) type=\(.Source)"'
"name=audit_logs type=user"
"name=change_stream_log_retention_duration type=system"
"name=profiler type=user"
"name=profiler_sampling_rate type=system"
"name=profiler_threshold_ms type=user"
"name=tls type=system"
"name=ttl_monitor type=system"

With source set to user:

aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name <NAME> --source user | jq '.Parameters[] | "name=\(.ParameterName) type=\(.Source)"'
"name=audit_logs type=user"
"name=profiler type=user"
"name=profiler_threshold_ms type=user"
valter-lisboa picture valter-lisboa on 14 Aug 2020
👍1

I'm observing the same problem.

bubalush picture bubalush on 15 Sep 2020

Terraform v0.12.27
provider.aws v3.5.0

We have exactly the same issue. This issue makes usage of terraform for DocumentDb stuff slightly useless.
@YakDriver do you have any plans to fix it or at least, could you please provide us with any suitable workaround?

Thanks in advance

VladimirRybalko picture VladimirRybalko on 16 Sep 2020

Now it can read only tls parameter.
All other parameters are type system

"name=audit_logs type=system"
"name=change_stream_log_retention_duration type=system"
"name=profiler type=system"
"name=profiler_sampling_rate type=system"
"name=profiler_threshold_ms type=system"
"name=tls type=user"
"name=ttl_monitor type=system"
quantm241 picture quantm241 on 24 Sep 2020

Any update on this issue? Our terraform apply keeps showing changes because of this, so we had to ignore this and apply anyway. This has already lead to issues in production.

michel-lacle picture michel-lacle on 26 Oct 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ccslamstack picture ccslamstack  路  3Comments
hashibot picture hashibot  路  3Comments
modax picture modax  路  3Comments
hazmeister picture hazmeister  路  3Comments
hashibot picture hashibot  路  3Comments